
Trojan.agent.bi ?!?!?


14 replies to this topic

#1 OICBrad812


Posted 18 December 2005 - 07:34 PM

Hi guys. I hope you can help me. I got this virus the other night, and things just went crazy. I finally got the spyware off I think, but when I run a scan with ewido, the trojan.Agent.bi keeps showing up 7 or 8 times.
Before, my desktop background was covered with a whitescreen like an internet site, but I managed to get that off, and whenever I would open Internet Explorer, this "about: blank" page would be my startup page. I got that back to normal too, but the trojan.Agent.bi is still showing up on my virus scan.
Please help me. This beast must be destroyed! Here's my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:20:30 PM, on 12/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



I appreciate anything you can do for me


#2 Guest_Cretemonster_*


Posted 21 December 2005 - 04:27 AM

Hi OICBrad812 and Welcome to the Bleeping Computer!

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda

#3 OICBrad812


Posted 25 December 2005 - 01:09 AM

Here's my WinPfind log. I'm about to reboot and run the Panda Scan

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 12/24/2005 7:40:42 PM 31327346 C:\NAV061200.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINNT\SYSTEM32\dfrg.msc
PTech 7/12/2005 5:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll
PECompact2 12/8/2005 6:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
aspack 12/8/2005 6:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINNT\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINNT\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINNT\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/24/2005 11:42:10 PM S 2048 C:\WINNT\bootstat.dat
12/24/2005 11:35:32 PM H 35870 C:\WINNT\system32\vsconfig.xml
12/18/2005 6:10:52 PM H 4212 C:\WINNT\system32\zllictbl.dat
11/30/2005 10:17:10 PM S 21633 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 6:12:48 PM S 10925 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
12/24/2005 11:42:28 PM H 16384 C:\WINNT\system32\config\default.LOG
12/24/2005 11:42:20 PM H 1024 C:\WINNT\system32\config\SAM.LOG
12/24/2005 11:42:12 PM H 16384 C:\WINNT\system32\config\SECURITY.LOG
12/24/2005 11:46:34 PM H 159744 C:\WINNT\system32\config\software.LOG
12/24/2005 11:42:34 PM H 954368 C:\WINNT\system32\config\system.LOG
12/15/2005 4:39:48 PM H 1024 C:\WINNT\system32\config\systemprofile\NTUSER.DAT.LOG
12/15/2005 1:19:18 PM S 7652 C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
12/15/2005 1:19:18 PM S 134 C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
12/24/2005 11:39:02 PM H 6 C:\WINNT\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\access.cpl
Iomega Corporation 9/24/2002 4:44:10 PM 151552 C:\WINNT\SYSTEM32\ADPanel.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINNT\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINNT\SYSTEM32\firewall.cpl
BillP Studios 8/28/2001 11:27:08 AM 135168 C:\WINNT\SYSTEM32\gwhotkey.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINNT\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINNT\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINNT\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
The Weather Channel Interactive5/18/2005 12:22:20 PM 3010560 C:\WINNT\SYSTEM32\wxfw.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINNT\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINNT\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINNT\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINNT\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINNT\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155648 C:\WINNT\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINNT\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINNT\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/13/2003 8:21:20 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/13/2003 8:09:30 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
11/15/2005 7:44:56 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
5/13/2003 8:21:20 AM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
5/13/2003 8:09:30 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINNT\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup C:\WINNT\pss\Cisco Systems VPN Client.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe "-user_logon"
item Cisco Systems VPN Client
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup C:\WINNT\pss\Cisco Systems VPN Client.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe "-user_logon"
item Cisco Systems VPN Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINNT\pss\Kodak EasyShare software.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINNT\pss\Kodak EasyShare software.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup C:\WINNT\pss\KODAK Software Updater.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE
item KODAK Software Updater
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup C:\WINNT\pss\KODAK Software Updater.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE
item KODAK Software Updater

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINNT\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINNT\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Hewlett-Packard Recorder.lnk
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Hewlett-Packard Recorder.lnk
backup C:\WINNT\pss\Hewlett-Packard Recorder.lnkStartup
location Startup
command C:\PROGRA~1\HEWLET~1\AiO\HPOFFI~1\FRU\Remind32.exe
item Hewlett-Packard Recorder
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Hewlett-Packard Recorder.lnk
backup C:\WINNT\pss\Hewlett-Packard Recorder.lnkStartup
location Startup
command C:\PROGRA~1\HEWLET~1\AiO\HPOFFI~1\FRU\Remind32.exe
item Hewlett-Packard Recorder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup C:\WINNT\pss\Webshots.lnkStartup
location Startup
command C:\PROGRA~1\Webshots\Launcher.exe /t
item Webshots
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup C:\WINNT\pss\Webshots.lnkStartup
location Startup
command C:\PROGRA~1\Webshots\Launcher.exe /t
item Webshots

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\5C.tmp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 5C
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 5C
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\5C.tmp.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 5C
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 5C
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADUserMon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADUserMon
hkey HKLM
command C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADUserMon
hkey HKLM
command C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\alchem
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item alchem
hkey HKLM
command C:\WINNT\alchem.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item alchem
hkey HKLM
command C:\WINNT\alchem.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AltnetPointsManager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item points manager
hkey HKLM
command c:\program files\altnet\points manager\points manager.exe -s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item points manager
hkey HKLM
command c:\program files\altnet\points manager\points manager.exe -s
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIModeChange
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ati2mdxx
hkey HKLM
command Ati2mdxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ati2mdxx
hkey HKLM
command Ati2mdxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BLMessagingIntegration
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item blengine
hkey HKCU
command C:\Program Files\Common Files\PSD Tools\blengine.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item blengine
hkey HKCU
command C:\Program Files\Common Files\PSD Tools\blengine.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINNT\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINNT\system32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Weather 3
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item The Weather Channel
hkey HKCU
command C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item The Weather Channel
hkey HKCU
command C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Deskup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item deskup
hkey HKLM
command C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item deskup
hkey HKLM
command C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIGStream
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item digstream
hkey HKLM
command C:\Program Files\DIGStream\digstream.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item digstream
hkey HKLM
command C:\Program Files\DIGStream\digstream.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DW4
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DesktopWeather
hkey HKCU
command "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DesktopWeather
hkey HKCU
command "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eqysaeu
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zwxgbkk
hkey HKLM
command c:\winnt\system32\zwxgbkk.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zwxgbkk
hkey HKLM
command c:\winnt\system32\zwxgbkk.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\farmmext
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item farmmext
hkey HKLM
command C:\WINNT\farmmext.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item farmmext
hkey HKLM
command C:\WINNT\farmmext.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GWMDMMSG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GWMDMMSG
hkey HKLM
command GWMDMMSG.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GWMDMMSG
hkey HKLM
command GWMDMMSG.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iomega Drive Icons
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ImgIcon
hkey HKLM
command C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ImgIcon
hkey HKLM
command C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kdiqjcat
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xzkqdyl
hkey HKLM
command C:\WINNT\System32\xzkqdyl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xzkqdyl
hkey HKLM
command C:\WINNT\System32\xzkqdyl.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkUFind
hkey HKLM
command C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkUFind
hkey HKLM
command C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MimBoot
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mimboot
hkey HKLM
command C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mimboot
hkey HKLM
command C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Multi-function Keyboard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GWHotKey
hkey HKLM
command GWHotKey.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GWHotKey
hkey HKLM
command GWHotKey.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\netao32.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item netao32
hkey HKLM
command C:\WINNT\netao32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item netao32
hkey HKLM
command C:\WINNT\netao32.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item P2P Networking
hkey HKLM
command C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item P2P Networking
hkey HKLM
command C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSD Tools Channel
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ChannelUp
hkey HKCU
command C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ChannelUp
hkey HKCU
command C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pvmrrmv
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cjdwkrb
hkey HKLM
command c:\winnt\system32\cjdwkrb.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cjdwkrb
hkey HKLM
command c:\winnt\system32\cjdwkrb.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qqjklv
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qyigllt
hkey HKLM
command c:\winnt\system32\qyigllt.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qyigllt
hkey HKLM
command c:\winnt\system32\qyigllt.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qsfvyi
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igtntft
hkey HKLM
command c:\winnt\system32\igtntft.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igtntft
hkey HKLM
command c:\winnt\system32\igtntft.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\satmat
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item satmat
hkey HKLM
command C:\WINNT\satmat.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item satmat
hkey HKLM
command C:\WINNT\satmat.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyFighterMonitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpyFighter
hkey HKLM
command "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpyFighter
hkey HKLM
command "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyFighterUpdate
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AutoUpdate
hkey HKLM
command "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AutoUpdate
hkey HKLM
command "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TheLionCluster
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item skinkers
hkey HKCU
command C:\Program Files\The Lion\skinkers.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item skinkers
hkey HKCU
command C:\Program Files\The Lion\skinkers.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vzjqjsd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item itjqsa
hkey HKLM
command c:\winnt\system32\itjqsa.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item itjqsa
hkey HKLM
command c:\winnt\system32\itjqsa.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WildTangent CDA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0500
hkey HKLM
command "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0500
hkey HKLM
command "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xtlizvy
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bsxotj
hkey HKLM
command c:\winnt\system32\bsxotj.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bsxotj
hkey HKLM
command c:\winnt\system32\bsxotj.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/24/2005 11:52:36 PM

#4 OICBrad812

Posted 25 December 2005 - 02:03 AM

Here's my Panda ActiveScan I ran after rebooting from safe mode.

Incident Status Location

Dialer:Dialer.DNA Not disinfected C:\DOCUME~1\OWNER\LOCALS~1\TEMP\5C.TMP.EXE
Adware:adware/psguard Not disinfected C:\WINNT\warnhp.html
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Owner\Application Data\Lycos
Spyware:spyware/betterinet Not disinfected Windows Registry
Dialer:Dialer.DNA Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\5C.tmp
Dialer:Dialer.DNA Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\5C.tmp.exe

#5 OICBrad812

Posted 25 December 2005 - 02:12 AM

And here's my new logfile from HijackThis. I think my Norton Antivirus had expired, so I bought and installed Norton Antivirus 2006 before running any of these last scans (the WinPFind, Panda ActiveScan, and the new HijackThis log).

Logfile of HijackThis v1.99.1
Scan saved at 1:04:34 AM, on 12/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\GWHotKey.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xtlizvy] c:\winnt\system32\bsxotj.exe r
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [vzjqjsd] c:\winnt\system32\itjqsa.exe r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qsfvyi] c:\winnt\system32\igtntft.exe r
O4 - HKLM\..\Run: [qqjklv] c:\winnt\system32\qyigllt.exe r
O4 - HKLM\..\Run: [pvmrrmv] c:\winnt\system32\cjdwkrb.exe r
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [netao32.exe] C:\WINNT\netao32.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kdiqjcat] C:\WINNT\System32\xzkqdyl.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [eqysaeu] c:\winnt\system32\zwxgbkk.exe r
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [5C.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
O4 - HKLM\..\Run: [5C.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#6 Guest_Cretemonster_*

Posted 28 December 2005 - 01:34 PM

Go to Add\Remove Programs and Remove any of these found

BuddyLinks
PSDT Messaging Integration
PSD Tools ChannelUp v1.0
WildTangent



If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet

Download and install the Ad-Aware VX2 Cleaner Plug-in.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column.

Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.


Download CCleaner:
http://www.filehippo.com/download_ccleaner.html

Don't run it just yet.

Reboot into SAFE MODE (tap F8 when restarting).

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...torial=62#winxp


Locate and Delete if found

C:\WINNT\warnhp.html<- File

C:\WINNT\satmat.exe<- File

C:\WINNT\netao32.exe<- File

C:\WINNT\farmmext.exe<- File

C:\WINNT\alchem.exe<- File

c:\winnt\system32\zwxgbkk.exe<- File

C:\WINNT\System32\xzkqdyl.exe<- File

c:\winnt\system32\bsxotj.exe<- File

c:\winnt\system32\itjqsa.exe<- File

c:\winnt\system32\igtntft.exe<- File

c:\winnt\system32\qyigllt.exe<- File

c:\winnt\system32\cjdwkrb.exe<- File

C:\WINNT\System32\P2P Networking<- Folder

C:\Documents and Settings\Owner\Local Settings\Temp\5C.tmp<- File

C:\Documents and Settings\Owner\Local Settings\Temp\5C.tmp.exe<- File

C:\Documents and Settings\Owner\Application Data\Lycos<- Folder

C:\Program Files\WildTangent<- Folder

c:\program files\altnet<- Folder

C:\Program Files\Common Files\PSD Tools<- Folder

C:\Program Files\buddylinks.net<- Folder

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [xtlizvy] c:\winnt\system32\bsxotj.exe r

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [vzjqjsd] c:\winnt\system32\itjqsa.exe r

O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe

O4 - HKLM\..\Run: [qsfvyi] c:\winnt\system32\igtntft.exe r

O4 - HKLM\..\Run: [qqjklv] c:\winnt\system32\qyigllt.exe r

O4 - HKLM\..\Run: [pvmrrmv] c:\winnt\system32\cjdwkrb.exe r

O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [netao32.exe] C:\WINNT\netao32.exe

O4 - HKLM\..\Run: [kdiqjcat] C:\WINNT\System32\xzkqdyl.exe

O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe

O4 - HKLM\..\Run: [eqysaeu] c:\winnt\system32\zwxgbkk.exe r

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [5C.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe

O4 - HKLM\..\Run: [5C.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Now open and Run CCleaner.
All you will want to use on this is the opening page (Windows tab). Just click Run Cleaner and let it do its thing.


Still in Safe Mode, scan the system again with WinPFind.


Restart normally and have the PC scanned here:
http://www.windowsecurity.com/trojanscan/

Save any results from the Scan and post them back here with a fresh HijackThis log and the results of the WinPFind log.
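
An added example, not part of the original reply: a Python cross-check that pairs each Run entry on the HijackThis fix list with the file or folder on the delete list that removes its target, so a startup value with no matching delete, or a deleted item with no startup value, is visible. The function names are this example's own, and the 8.3 short-name matching (`DOCUME~1` against `Documents and Settings`) is a prefix heuristic, not a lookup of the real aliases.

```python
import re

# Constructed input: the O4 lines and the delete list copied from the reply above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [xtlizvy] c:\winnt\system32\bsxotj.exe r
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [vzjqjsd] c:\winnt\system32\itjqsa.exe r
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [qsfvyi] c:\winnt\system32\igtntft.exe r
O4 - HKLM\..\Run: [qqjklv] c:\winnt\system32\qyigllt.exe r
O4 - HKLM\..\Run: [pvmrrmv] c:\winnt\system32\cjdwkrb.exe r
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [netao32.exe] C:\WINNT\netao32.exe
O4 - HKLM\..\Run: [kdiqjcat] C:\WINNT\System32\xzkqdyl.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [eqysaeu] c:\winnt\system32\zwxgbkk.exe r
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [5C.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
O4 - HKLM\..\Run: [5C.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5C.tmp.exe
"""

DELETE_LIST = r"""
C:\WINNT\warnhp.html<- File
C:\WINNT\satmat.exe<- File
C:\WINNT\netao32.exe<- File
C:\WINNT\farmmext.exe<- File
C:\WINNT\alchem.exe<- File
c:\winnt\system32\zwxgbkk.exe<- File
C:\WINNT\System32\xzkqdyl.exe<- File
c:\winnt\system32\bsxotj.exe<- File
c:\winnt\system32\itjqsa.exe<- File
c:\winnt\system32\igtntft.exe<- File
c:\winnt\system32\qyigllt.exe<- File
c:\winnt\system32\cjdwkrb.exe<- File
C:\WINNT\System32\P2P Networking<- Folder
C:\Documents and Settings\Owner\Local Settings\Temp\5C.tmp<- File
C:\Documents and Settings\Owner\Local Settings\Temp\5C.tmp.exe<- File
C:\Documents and Settings\Owner\Application Data\Lycos<- Folder
C:\Program Files\WildTangent<- Folder
c:\program files\altnet<- Folder
C:\Program Files\Common Files\PSD Tools<- Folder
C:\Program Files\buddylinks.net<- Folder
"""

O4 = re.compile(r'^O4 - (\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$')

def target_of(command):
    """Program path of a Run command line, with its arguments dropped."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r'.+?\.exe\b', command, re.I)  # unquoted paths may contain spaces
    return m.group(0) if m else command.split()[0]

def seg_match(a, b):
    """Compare one path component; an 8.3 alias such as DOCUME~1 matches a long
    name whose leading non-space characters agree (heuristic, an assumption)."""
    a, b = a.lower(), b.lower()
    for short, long_name in ((a, b), (b, a)):
        m = re.fullmatch(r'([^~]{1,6})~\d+', short)
        if m and long_name.replace(' ', '').startswith(m.group(1)):
            return True
    return a == b

def covers(item_path, kind, target):
    """True if deleting item_path (a File or a Folder) removes target."""
    want, have = item_path.split('\\'), target.split('\\')
    if len(want) > len(have) or (kind == 'File' and len(want) != len(have)):
        return False
    return all(seg_match(w, h) for w, h in zip(want, have))

def cross_check(fix_text, delete_text):
    """Return (Run value names whose target is not on the delete list,
               delete-list paths that no listed Run entry points at)."""
    runs = []
    for line in fix_text.splitlines():
        m = O4.match(line.strip())
        if m:
            runs.append((m.group(3), target_of(m.group(4))))
    items = [tuple(part.strip() for part in line.partition('<-')[::2])
             for line in delete_text.splitlines() if '<-' in line]
    run_only = [name for name, tgt in runs
                if not any(covers(p, k, tgt) for p, k in items)]
    delete_only = [p for p, k in items
                   if not any(covers(p, k, tgt) for _, tgt in runs)]
    return run_only, delete_only

if __name__ == "__main__":
    run_only, delete_only = cross_check(FIX_LIST, DELETE_LIST)
    print("Run entries whose target is not on the delete list:", run_only)
    print("Delete-list items with no Run entry in the fix list:")
    for path in delete_only:
        print("  ", path)
```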

#7 OICBrad812

Posted 28 December 2005 - 09:59 PM

Here's my new WinPfind log I took in Safe Mode. I couldn't find all of the files you listed, but I removed the ones I could.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 12/24/2005 7:40:42 PM 31327346 C:\NAV061200.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINNT\SYSTEM32\dfrg.msc
PTech 7/12/2005 5:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll
PECompact2 12/8/2005 6:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
aspack 12/8/2005 6:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINNT\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINNT\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINNT\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/28/2005 7:53:56 PM S 2048 C:\WINNT\bootstat.dat
12/28/2005 7:22:24 PM H 35870 C:\WINNT\system32\vsconfig.xml
12/18/2005 6:10:52 PM H 4212 C:\WINNT\system32\zllictbl.dat
11/30/2005 10:17:10 PM S 21633 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 6:12:48 PM S 10925 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
12/28/2005 7:54:14 PM H 16384 C:\WINNT\system32\config\default.LOG
12/28/2005 7:54:06 PM H 1024 C:\WINNT\system32\config\SAM.LOG
12/28/2005 7:53:58 PM H 16384 C:\WINNT\system32\config\SECURITY.LOG
12/28/2005 8:11:24 PM H 217088 C:\WINNT\system32\config\software.LOG
12/28/2005 8:14:42 PM H 991232 C:\WINNT\system32\config\system.LOG
12/15/2005 4:39:48 PM H 1024 C:\WINNT\system32\config\systemprofile\NTUSER.DAT.LOG
12/15/2005 1:19:18 PM S 7652 C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
12/15/2005 1:19:18 PM S 134 C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
12/28/2005 7:29:38 PM H 6 C:\WINNT\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\access.cpl
Iomega Corporation 9/24/2002 4:44:10 PM 151552 C:\WINNT\SYSTEM32\ADPanel.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINNT\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINNT\SYSTEM32\firewall.cpl
BillP Studios 8/28/2001 11:27:08 AM 135168 C:\WINNT\SYSTEM32\gwhotkey.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINNT\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINNT\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINNT\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
The Weather Channel Interactive5/18/2005 12:22:20 PM 3010560 C:\WINNT\SYSTEM32\wxfw.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINNT\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINNT\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINNT\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINNT\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINNT\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155648 C:\WINNT\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINNT\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINNT\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/13/2003 8:21:20 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
1/3/2004 7:06:56 PM 1803 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
1/3/2004 7:07:28 PM 1915 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
7/22/2003 5:26:46 PM 1726 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/13/2003 8:09:30 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
11/15/2005 7:44:56 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
5/13/2003 8:21:20 AM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
5/13/2003 8:09:30 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINNT\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
SpyFighterUpdate "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
SpyFighterMonitor "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Multi-function Keyboard GWHotKey.exe
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Iomega Drive Icons C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
GWMDMMSG GWMDMMSG.exe
Deskup C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
ATIModeChange Ati2mdxx.exe
ADUserMon C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
AdaptecDirectCD C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TheLionCluster C:\Program Files\The Lion\skinkers.exe
PSD Tools Channel C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
DW4 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
Desktop Weather 3 C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
ctfmon.exe C:\WINNT\system32\ctfmon.exe
BLMessagingIntegration C:\Program Files\Common Files\PSD Tools\blengine.exe
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/28/2005 8:20:19 PM

#8 OICBrad812

Posted 28 December 2005 - 10:54 PM

And here's my HijackThis logfile after rebooting in Normal Mode and running the TrojanScan. There was nothing found by the TrojanScan. I did notice that "R3 - Default URLSearchHook is missing" showed up in the HijackThis logfile in Normal Mode, but not in Safe Mode. I didn't know if I should remove it in Normal Mode, so I just left it on there.


Logfile of HijackThis v1.99.1
Scan saved at 9:48:27 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\GWHotKey.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\GWMDMMSG.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#9 Guest_Cretemonster_*

Posted 29 December 2005 - 04:57 AM

Looking much better!

Copy the text below to a blank notepad page and save it to the desktop as Clr.reg

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BLMessagingIntegration"=-



Once saved, double-click Clr.reg and allow it to merge into the registry.


For some added cleanup of unneeded resource hogs at Startup:

Open HijackThis and put a check by these, but DO NOT hit the Fix Checked button yet:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Now make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked button.


Let's see one last online scan. Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#10 OICBrad812

Posted 29 December 2005 - 07:46 PM

Here are my Kaspersky scan results:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, December 29, 2005 18:42:50
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/12/2005
Kaspersky Anti-Virus database records: 168242
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52788
Number of viruses found: 20
Number of infected objects: 145
Number of suspicious objects: 0
Duration of the scan process: 3399 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A000001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A300000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A300001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A340000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A680000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A680001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB80000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB80001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC40000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC40001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AFC0000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B240000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B280000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B380000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B380001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B400000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80003.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80005.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80007.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80009.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000B.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000D.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000F.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80011.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00001.VBN Infected: Trojan.Win32.StartPage.acn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00002.VBN Infected: Trojan-Dropper.Win32.Agent.abu
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00003.VBN Infected: Trojan-Downloader.Win32.Delf.us
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN Infected: Trojan-Dropper.Win32.Agent.abu
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40001.VBN Infected: Trojan.Win32.StartPage.acn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80000.VBN Infected: Virus.Win32.Nsag.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80001.VBN Infected: Backdoor.Win32.Padodor.ax
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80002.VBN Infected: Backdoor.Win32.Padodor.ax
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80003.VBN Infected: Trojan.Win32.StartPage.acn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80004.VBN Infected: Trojan-Downloader.Win32.Delf.us
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN Infected: Virus.Win32.Nsag.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040001.VBN Infected: Trojan-Dropper.Win32.Agent.abu
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040002.VBN Infected: Trojan.Win32.StartPage.acn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C080000.VBN Infected: Trojan.Win32.StartPage.acn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C1C0000.VBN Infected: Trojan-Dropper.Win32.Agent.abu
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C280000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CCC0000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD00000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD40001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD80000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CF40000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CF40001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D140000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D480000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D480001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D540000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB40000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD40000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD80000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE00000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100000.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100001.VBN Infected: Trojan.Win32.Agent.ay
C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe/data0002/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe/data0002/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe/data0002/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe/data0002/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe/data0002/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe/data0002 Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe Infected: not-a-virus:AdWare.Win32.NavExcel

Scan process completed.

#11 Guest_Cretemonster_*

Posted 29 December 2005 - 09:28 PM

You can delete this folder if you wish

C:\Documents and Settings\Administrator\.housecall

Open Norton Antivirus and Click Reports-> Click The "View Reports" beside Quarantined Items.

Highlight all entries and select "Delete Items"


Now locate and Delete-> C:\Documents and Settings\Owner\My Documents\Brad's Stuff\WILite.exe

Empty your "Recycle Bin"


Restart and let's see one last Online Scan here
http://www.bitdefender.com/scan/licence.php


Post back with any results from that scan and let me know how the PC is acting.

#12 OICBrad812

Posted 30 December 2005 - 05:36 AM

Here's the results for the BitDefender Scan.

BitDefender Online Scanner

Scan report generated at: Fri, Dec 30, 2005 - 04:23:25

Scan path: A:\;C:\;D:\;

Statistics
Time: 01:01:59
Files: 354179
Folders: 4411
Boot Sectors: 2
Archives: 7166
Packed Files: 26861

Results
Identified Viruses: 8
Infected Files: 105
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 205

Engines Info
Virus Definitions: 248944
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B400000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80001.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80003.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80003.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80005.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80005.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80007.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80007.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80009.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80009.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000B.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000B.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000D.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000D.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000F.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA8000F.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80011.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA80011.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00002.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Agent.ABU

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00002.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00002.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00003.VBN=>(Quarantine-PE)
Infected with: Trojan.Downloader.Delf.US

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00003.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD00003.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Agent.ABU

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80000.VBN=>(Quarantine-PE)
Infected with: Trojan.WininetHook.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80001.VBN=>(Quarantine-PE)
Infected with: Backdoor.Padodor.AX

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80001.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80002.VBN=>(Quarantine-PE)
Infected with: Backdoor.Padodor.AX

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80002.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80002.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80004.VBN=>(Quarantine-PE)
Infected with: Trojan.Downloader.Delf.US

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80004.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80004.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN=>(Quarantine-PE)
Infected with: Trojan.WininetHook.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040001.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Agent.ABU

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040001.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C100000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C1C0000.VBN=>(Quarantine-PE)
Infected with: Trojan.Dropper.Agent.ABU

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C1C0000.VBN=>(Quarantine-PE)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C1C0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C280000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C280000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CCC0000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CCC0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD00000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD00000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD40001.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD40001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD80000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CD80000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CF40000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CF40000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CF40001.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CF40001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D140000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D140000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D480000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D480000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D480001.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D480001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D540000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D540000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB40000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB40000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD40000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD40000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD80000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD80000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE00000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE00000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100000.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100000.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100001.VBN=>(Quarantine-PE)
Infected with: Trojan.Agent.AY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100001.VBN=>(Quarantine-PE)
Deleted

C:\Documents and Settings\Owner\My Documents\Install_AIM.exe=>wise0038=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Documents and Settings\Owner\My Documents\Install_AIM.exe=>wise0038=>wise0008
Disinfection failed

C:\Documents and Settings\Owner\My Documents\Install_AIM.exe=>wise0038=>wise0008
Deleted

C:\Documents and Settings\Owner\My Documents\Install_AIM.exe=>wise0038
Update failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Disinfection failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Deleted

C:\Program Files\AIM\Sysfiles\WxBug.EXE
Update failed

C:\WINNT\cdPlayer.ini=>:unyqdp:$DATA=>(JAVASCRIPT 13)
Infected with: Trojan.Downloader.WinShow.L

C:\WINNT\cdPlayer.ini=>:unyqdp:$DATA=>(JAVASCRIPT 13)
Disinfection failed

C:\WINNT\cdPlayer.ini=>:unyqdp:$DATA=>(JAVASCRIPT 13)
Deleted

C:\WINNT\cdPlayer.ini=>:unyqdp:$DATA
Updated

C:\WINNT\cdPlayer.ini
Update failed

C:\WINNT\mshsu.dll=>(JAVASCRIPT 13)
Infected with: Trojan.Downloader.WinShow.L

C:\WINNT\mshsu.dll=>(JAVASCRIPT 13)
Disinfection failed

C:\WINNT\mshsu.dll=>(JAVASCRIPT 13)
Deleted

C:\WINNT\mshsu.dll
Updated

C:\WINNT\system32\fcnrw.dll=>(JAVASCRIPT 13)
Infected with: Trojan.Downloader.WinShow.L

C:\WINNT\system32\fcnrw.dll=>(JAVASCRIPT 13)
Disinfection failed

C:\WINNT\system32\fcnrw.dll=>(JAVASCRIPT 13)
Deleted

C:\WINNT\system32\fcnrw.dll
Updated

#13 Guest_Cretemonster_*

Posted 31 December 2005 - 06:55 AM

Wow, I forgot BitDefender deletes files it can't fix!

You want to be sure none of the files below exist anymore.

C:\WINNT\cdPlayer.ini

C:\WINNT\mshsu.dll

C:\WINNT\system32\fcnrw.dll

C:\Program Files\AIM\Sysfiles\WxBug.EXE


We already discussed how to empty the Quarantine Folder for Norton when you get ready.


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#14 OICBrad812

Posted 05 January 2006 - 04:25 AM

Everything's working GREAT! The computer seems to be doing just fine now. Thank you so much for all your help. I couldn't have done it without you, and Geeksquad couldn't do it at all. They suggested I do a system recovery and reinstall everything. Fools. You guys are awesome.

#15 Guest_Cretemonster_*

Posted 05 January 2006 - 04:48 PM

Go ahead and re-enable System Restore and restart the PC; this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again, you know how to find us! :thumbsup:



