SpySheriff... Tried Everything... Need Help


37 replies to this topic

#1 lifelessboy

Posted 18 April 2006 - 04:19 PM

Whoever can help me, please...
All the files that seem to be associated with SpySheriff aren't in my log.
Can anyone help?
I've run Ad-Aware, Norton AntiVirus and web sweeper and still can't get rid of this bleep.

Here is my logfile, if anyone can decipher this and tell me what's wrong...
I swear... I will make whoever helps me with this a PayPal donation.

THANKS

Logfile of HijackThis v1.99.1
Scan saved at 2:09:35 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\windows\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\windows\security\FireDaemon.exe
C:\windows\System32\DRIVERS\WtSrv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\windows\wupdmgr.exe
C:\windows\osaupd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\windows\system32\winsrv32.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: winapi32.MyBHO - {B52CCF85-726D-471C-B72C-CA9F104C5B98} - C:\windows\system32\winapi32.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: NQosQjIbsjLG - {A4BFDE95-0E15-743F-8D6F-C03A9BF5F21C} - C:\windows\system32\cyw.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\windows\security\FireDaemon.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\windows\System32\DRIVERS\WtSrv.exe


#2 dahli

Posted 18 April 2006 - 06:35 PM

Hello lifelessboy and welcome to BC,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Steven

#3 lifelessboy

Posted 18 April 2006 - 07:41 PM

Thank you sooooooo much dahli.....



SmitFraudFix v2.32

Scan done at 17:33:26.78, Tue 04/18/2006
Run from C:\Documents and Settings\Owner\Desktop\fraudscan
OS: Microsoft Windows XP [Version 5.1.2600]

C:\

C:\exit FOUND !
C:\uniq FOUND !

C:\windows

C:\windows\osaupd.exe FOUND !
C:\windows\windows.html FOUND !
C:\windows\wupdmgr.exe FOUND !

C:\windows\system


C:\windows\Web


C:\windows\system32

C:\windows\system32\runsrv32.dll FOUND !
C:\windows\system32\runsrv32.exe FOUND !
C:\windows\system32\shell386.exe FOUND !
C:\windows\system32\tcpservice2.exe FOUND !
C:\windows\system32\txfdb32.dll FOUND !
C:\windows\system32\winapi32.dll FOUND !
C:\windows\system32\wstart.dll FOUND !

C:\Documents and Settings\Owner\Application Data


Start Menu


C:\Documents and Settings\Owner\Favorites


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


Scanning wininet.dll infection


End
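
As an added illustration (not part of the original thread, and not code from HijackThis or SmitfraudFix): the files SmitfraudFix reports as FOUND can be cross-checked against the HijackThis log from post #1 to see which of them show up there as running processes or load points. The two excerpts are lines copied from the logs above; the function names and the path regex are this example's own assumptions.

```python
import ntpath  # Windows path semantics, usable on any OS
import re

# Lines copied from the HijackThis log in post #1 (excerpt only).
HIJACKTHIS_EXCERPT = r"""
Running processes:
C:\windows\system32\svchost.exe
C:\windows\wupdmgr.exe
C:\windows\osaupd.exe
C:\windows\system32\winsrv32.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: winapi32.MyBHO - {B52CCF85-726D-471C-B72C-CA9F104C5B98} - C:\windows\system32\winapi32.dll
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O21 - SSODL: NQosQjIbsjLG - {A4BFDE95-0E15-743F-8D6F-C03A9BF5F21C} - C:\windows\system32\cyw.dll (file missing)
"""

# Lines copied from the SmitfraudFix search report in post #3 (excerpt only).
SMITFRAUDFIX_EXCERPT = r"""
C:\windows\osaupd.exe FOUND !
C:\windows\windows.html FOUND !
C:\windows\wupdmgr.exe FOUND !
C:\windows\system32\runsrv32.dll FOUND !
C:\windows\system32\winapi32.dll FOUND !
"""

# A drive-letter path ending in a file type of interest (assumed list).
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?/\r\n]+?\.(?:exe|dll|ocx|cmd|html?)(?=\s|"|$)',
    re.IGNORECASE,
)
# HijackThis entry prefix such as "O2 - ", "R1 - ", "F2 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - ")
FOUND_SUFFIX = "FOUND !"


def norm(path):
    """Case-insensitive, backslash-normalised form for comparison."""
    return ntpath.normcase(path.strip())


def parse_smitfraudfix(report):
    """Return the set of normalised paths marked 'FOUND !'."""
    found = set()
    for line in report.splitlines():
        line = line.strip()
        if line.endswith(FOUND_SUFFIX):
            found.add(norm(line[: -len(FOUND_SUFFIX)]))
    return found


def parse_hijackthis(log):
    """Return (section, normalised path, raw line) for each log line with a path.

    section is 'process' for the running-process list, otherwise the
    HijackThis entry code (O2, O4, O23, ...).
    """
    entries = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            section = entry.group(1)
        elif in_processes:
            section = "process"
        else:
            continue  # header lines (version, platform, ...)
        path = PATH_RE.search(line)
        if path:
            entries.append((section, norm(path.group(0)), line))
    return entries


def correlate(hjt_log, sff_report):
    """Split FOUND files into those visible in the HijackThis log and the rest."""
    found = parse_smitfraudfix(sff_report)
    hits = [(sec, p) for sec, p, _ in parse_hijackthis(hjt_log) if p in found]
    visible = {p for _, p in hits}
    not_in_log = sorted(found - visible)
    return hits, not_in_log


if __name__ == "__main__":
    hits, not_in_log = correlate(HIJACKTHIS_EXCERPT, SMITFRAUDFIX_EXCERPT)
    for section, path in hits:
        print(f"{section:8} {path}")
    for path in not_in_log:
        print(f"no entry {path}")
```

Files in the second list exist on disk but have no matching line in the HijackThis excerpt.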

#4 dahli

Posted 18 April 2006 - 07:45 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
Steven

#5 lifelessboy

Posted 18 April 2006 - 08:31 PM

So what's next?




SmitFraudFix v2.32

Scan done at 18:22:24.00, Tue 04/18/2006
Run from C:\Documents and Settings\Administrator\Desktop\fraudsweep
OS: Microsoft Windows XP [Version 5.1.2600]

Killing process


Deleting infected files

C:\exit Deleted
C:\uniq Deleted
C:\windows\osaupd.exe Deleted
C:\windows\windows.html Deleted
C:\windows\system32\runsrv32.dll Deleted
C:\windows\system32\runsrv32.exe Deleted
C:\windows\system32\shell386.exe Deleted
C:\windows\system32\tcpservice2.exe Deleted
C:\windows\system32\txfdb32.dll Deleted
C:\windows\system32\winapi32.dll Deleted
C:\windows\system32\wstart.dll Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

End

#6 lifelessboy

Posted 18 April 2006 - 08:41 PM

That's helped a little, but there are still those little exclamation points saying I have spyware...
Tenacious little programs.

Thanks

#7 dahli

Posted 19 April 2006 - 10:12 AM

Reboot in SAFE MODE (Tap F8 during startup)

Click Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

Reboot in Normal Mode

Go here and run a Bitdefender Online Scan. Save the log it creates and post it here. This scan may take a while so please be patient.

Also post a new HijackThis log.

Edited by dahli, 19 April 2006 - 10:12 AM.

Steven

#8 lifelessboy

Posted 19 April 2006 - 09:29 PM

BitDefender Online Scanner
Scan report generated at: Wed, Apr 19, 2006 - 10:55:38
Scan path: A:\;C:\;D:\;E:\;G:\;

Statistics
Time: 02:16:46
Files: 498055
Folders: 5487
Boot Sectors: 4
Archives: 8368
Packed Files: 41065

Results
Identified Viruses: 45
Infected Files: 122
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 223

Engines Info
Virus Definitions: 370476
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\001209CC.dll=>(Quarantine-2)
Detected with: Adware.Wheaterbug.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\001209CC.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\001209CC.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00221DE7.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00221DE7.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00221DE7.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00981ABB.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00981ABB.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00981ABB.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00981ABB.VBS
Infected with: Worm.Gedza.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00981ABB.VBS
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00AC16A6.VBS
Infected with: Worm.Gedza.B

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00AC16A6.VBS
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019129DD.tmp=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019129DD.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019129DD.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01E6676F.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01E6676F.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01E6676F.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01EF5342.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01EF5342.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01EF5342.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CF78C5.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CF78C5.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\061F4893.exe=>(Quarantine-2)
Infected with: Trojan.Regger.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\061F4893.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\061F4893.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\070112AF.tmp=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\070112AF.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\070112AF.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\088B7976.htm=>(Quarantine-2)
Infected with: Exploit.Phel.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\088B7976.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\088B7976.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C196AE2.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C196AE2.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C3A7E5D.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C3A7E5D.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C9E047F.exe=>(Quarantine-2)
Infected with: Backdoor.RBot.CPZ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C9E047F.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FDE7F7F.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FDE7F7F.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FDE7F7F.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12384435.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12384435.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12384435.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13773E1B.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13773E1B.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13773E1B.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\137A6817.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\137A6817.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\137A6817.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14053B75.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14053B75.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\143C523B.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\143C523B.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\144547F3.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.RR

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\144547F3.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\144547F3.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171913E4.tmp=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171913E4.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171C3DE0.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171C3DE0.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171C3DE0.tmp=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171C3DE0.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\172067DD.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\172067DD.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D482E71.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D482E71.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D482E71.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D58005F.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D58005F.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D58005F.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D5F5458.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D5F5458.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D5F5458.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D9922AF.txt=>(Quarantine-2)
Infected with: Trojan.Downloader.Tiny.AL

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D9922AF.txt=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\202959F1.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\202959F1.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\202959F1.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\204369C0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Tiny.AL

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\204369C0.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29692ED0.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Small.BO

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29692ED0.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B6D1898.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Agent.BO

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B6D1898.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B6D1898.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E5F3291.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E5F3291.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E8D4728.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E8D4728.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E8D4728.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E907124.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E907124.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E907124.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC83AE7.exe
Infected with: Trojan.PWS.Sinowal.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC83AE7.exe
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EC83AE7.exe
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE20ACA.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Agent.T

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE20ACA.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE20ACA.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE534C7.tmp=>(Quarantine-2)
Infected with: Trojan.Spy.Small.AK

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE534C7.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE534C7.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC141D3.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC141D3.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC141D3.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC56BCF.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC56BCF.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC56BCF.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FCB3FC8.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FCB3FC8.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FCB3FC8.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\300E2180.tmp=>(Quarantine-2)
Infected with: Trojan.Download.BU

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\300E2180.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\300E2180.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30287163.exe=>(Quarantine-2)
Infected with: Trojan.Exitwin.Z

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30287163.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30287163.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31A04DC6.txt=>(Quarantine-2)
Infected with: Trojan.Agent.GP

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31A04DC6.txt=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31A04DC6.txt=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31AD75B7.exe=>(Quarantine-2)
Infected with: Trojan.Spy.Small.AK

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31AD75B7.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31AD75B7.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31BD47A5.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Adload.AI

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31BD47A5.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31BD47A5.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31C7459B.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ZQ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31C7459B.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31C7459B.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31F51168.exe=>(Quarantine-2)
Infected with: Backdoor.RBot.CPZ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31F51168.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\322F0528.txt=>(Quarantine-2)
Infected with: Trojan.Proxy.Small.BO

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\322F0528.txt=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32332F24.exe=>(Quarantine-2)
Infected with: Trojan.Dropper.Agent.OL

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32332F24.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32332F24.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32462B0E.txt=>(Quarantine-2)
Infected with: Trojan.Clicker.Small.KR

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32462B0E.txt=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32577CFD.exe=>(Quarantine-2)
Infected with: Trojan.Download.BU

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32577CFD.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32577CFD.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33317A0C.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.CPP

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33317A0C.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33352408.txt=>(Quarantine-2)
Infected with: Trojan.StartPage.II

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33352408.txt=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33352408.txt=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338069B5.exe=>(Quarantine-2)
Infected with: Trojan.Clicker.Small.K

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338069B5.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338069B5.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338069B5.txt=>(Quarantine-2)
Infected with: Trojan.Downloader.Tiny.AA

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338069B5.txt=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338069B5.txt=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\374946B0.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\374946B0.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\374946B0.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\374F1AA9.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\374F1AA9.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\374F1AA9.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\375244A5.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\375244A5.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\375244A5.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\435D0970.htm=>(Quarantine-2)
Infected with: Exploit.Html.MhtRedir.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\435D0970.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\435D0970.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43A935EC.exe=>(Quarantine-2)
Infected with: Trojan.Agent.GP

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43A935EC.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43A935EC.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48706155.exe=>(Quarantine-2)
Infected with: Trojan.Clicker.Small.KR

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48706155.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\512F0F0B.dll=>(Quarantine-2)
Infected with: Trojan.PSW.Agent.F

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\512F0F0B.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\512F0F0B.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51390D00.dll=>(Quarantine-2)
Infected with: Trojan.PSW.Agent.F

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51390D00.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51390D00.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543F6BAD.exe=>(Quarantine-2)
Infected with: Trojan.Win32.SpyAgent.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543F6BAD.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543F6BAD.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C923BD.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Java.Openconnection.V

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C923BD.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C923BD.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\588B5D7E.htm=>(Quarantine-2)
Infected with: Exploit.Html.MhtRedir.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\588B5D7E.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\588B5D7E.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59BA1111.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59BA1111.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59BA1111.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59BE3B0D.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59BE3B0D.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59BE3B0D.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59CD1974.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59CD1974.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AB93C8B.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AB93C8B.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AB93C8B.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AC33A80.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AC33A80.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AC33A80.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CF760A6.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CF760A6.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CF760A6.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CFD349F.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CFD349F.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CFD349F.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D015E9B.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D015E9B.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D015E9B.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631B7D52.exe=>(Quarantine-2)
Infected with: Trojan.StartPage.II

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631B7D52.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631B7D52.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\686D6178.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Small.BO

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\686D6178.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68700B74.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Tiny.AA

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68700B74.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68700B74.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BFA389C.dll=>(Quarantine-2)
Infected with: Trojan.Krepper.AE

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BFA389C.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D495E1E.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.ZQ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D495E1E.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D495E1E.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\707634A0.exe=>(Quarantine-2)
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\707634A0.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\707634A0.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70B73B33.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70B73B33.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70B73B33.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BA652F.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BA652F.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BA652F.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BD0F2C.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BD0F2C.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BD0F2C.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A470BD=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A470BD=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A470BD=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71B76CA8=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71B76CA8=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71B76CA8=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71BE40A0=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71BE40A0=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71BE40A0=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73893B3E.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Agent.BZ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73893B3E.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73893B3E.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73A06124.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Lager.AQ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73A06124.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73A06124.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74121EA7.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74121EA7.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74121EA7.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\741C1C9C.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\741C1C9C.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\741C1C9C.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\745A752F.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.CPP

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\745A752F.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\747D2F56.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\747D2F56.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\747D2F56.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74805952.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74805952.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74805952.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75705E98.DLL=>(Quarantine-2)
Infected with: Trojan.Clicker.Small.K

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75705E98.DLL=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75705E98.DLL=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\784A1818.exe=>(Quarantine-2)
Infected with: Backdoor.Servu.AJ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\784A1818.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\784A1818.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CA23C4A.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CA23C4A.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CA23C4A.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D7C1628.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D7C1628.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D7C1628.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8C6816.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8C6816.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8C6816.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD37BEA.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD37BEA.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD37BEA.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DFA73BF.tmp=>(Quarantine-2)
Infected with: Trojan.PWS.Yaspy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DFA73BF.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DFA73BF.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E0F09A9.exe=>(Quarantine-2)
Infected with: Trojan.FakeAlert.CC

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E0F09A9.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E0F09A9.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EB87ECC.exe=>(Quarantine-2)
Infected with: Win32.Vb.AN@mm

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EB87ECC.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EB87ECC.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000002.URM
Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000002.URM
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000002.URM
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000003.URM
Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000003.URM
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000003.URM
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000004.URM
Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000004.URM
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{B95F2879-F377-4CA8-85BA-91ED4ECACDDB}\00000004.URM
Deleted

C:\Documents and Settings\JESSICA\Local Settings\Temp\65.tmp
Infected with: Trojan.Downloader.Harnig.DC

C:\Documents and Settings\JESSICA\Local Settings\Temp\65.tmp
Disinfection failed

C:\Documents and Settings\JESSICA\Local Settings\Temp\65.tmp
Deleted

C:\Documents and Settings\JESSICA\Local Settings\Temporary Internet Files\Content.IE5\BP5KGFMF\rjrtdmjx[1].txt
Infected with: Trojan.Qhosts.HE

C:\Documents and Settings\JESSICA\Local Settings\Temporary Internet Files\Content.IE5\BP5KGFMF\rjrtdmjx[1].txt
Deleted

C:\Documents and Settings\JESSICA\Local Settings\Temporary Internet Files\Content.IE5\YKKQAZ4Q\red2[1].exe
Infected with: Trojan.Downloader.Harnig.DC

C:\Documents and Settings\JESSICA\Local Settings\Temporary Internet Files\Content.IE5\YKKQAZ4Q\red2[1].exe
Disinfection failed

C:\Documents and Settings\JESSICA\Local Settings\Temporary Internet Files\Content.IE5\YKKQAZ4Q\red2[1].exe
Deleted

C:\Documents and Settings\Owner\Local Settings\Temp\install45.exe
Infected with: Trojan.Dropper.Agent.PT

C:\Documents and Settings\Owner\Local Settings\Temp\install45.exe
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temp\install45.exe
Deleted

C:\Documents and Settings\Owner\My Documents\torrents\Lanny.Barbie.Born.To.Be.A.Star.XviD-DETOXATiON\Lanny.Barbie.Born.To.Be.A.Star.XviD.rar=>password.exe
Infected with: Trojan.Pws.Pauxp.H

C:\Documents and Settings\Owner\My Documents\torrents\Lanny.Barbie.Born.To.Be.A.Star.XviD-DETOXATiON\Lanny.Barbie.Born.To.Be.A.Star.XviD.rar=>password.exe
Disinfection failed

C:\Documents and Settings\Owner\My Documents\torrents\Lanny.Barbie.Born.To.Be.A.Star.XviD-DETOXATiON\Lanny.Barbie.Born.To.Be.A.Star.XviD.rar=>password.exe
Deleted

C:\Documents and Settings\Owner\My Documents\torrents\Lanny.Barbie.Born.To.Be.A.Star.XviD-DETOXATiON\Lanny.Barbie.Born.To.Be.A.Star.XviD.rar
Update failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Disinfection failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Deleted

C:\Program Files\AIM\Sysfiles\WxBug.EXE
Update failed

C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\FamilyKeyLogger\cisvc.exe
Infected with: Trojan.Keylog.Progent.A

C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\FamilyKeyLogger\cisvc.exe
Disinfection failed

C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\FamilyKeyLogger\cisvc.exe
Deleted

C:\RECYCLER\S-1-5-21-1957994488-1993962763-725345543-1003\Dc107\LimeWire PRO 4.10.5.1.exe
Infected with: Trojan.Dropper.Agent.ADW

C:\RECYCLER\S-1-5-21-1957994488-1993962763-725345543-1003\Dc107\LimeWire PRO 4.10.5.1.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-1957994488-1993962763-725345543-1003\Dc107\LimeWire PRO 4.10.5.1.exe
Deleted

C:\WINDOWS\security\FireDaemon.exe
Infected with: Trojan.Pakes.1

C:\WINDOWS\security\FireDaemon.exe
Disinfection failed

C:\WINDOWS\security\FireDaemon.exe
Delete failed

C:\WINDOWS\security\winsecure.exe
Infected with: Backdoor.Iroffer.1227.D

C:\WINDOWS\security\winsecure.exe
Disinfection failed

C:\WINDOWS\security\winsecure.exe
Deleted

C:\WINDOWS\system32\senssrv.dll
Infected with: Trojan.Downloader.Harnig.DC

C:\WINDOWS\system32\senssrv.dll
Disinfection failed

C:\WINDOWS\system32\senssrv.dll
Deleted

C:\WINDOWS\Temp\41B0.tmp
Infected with: Trojan.PWS.Yaspy.A

C:\WINDOWS\Temp\41B0.tmp
Disinfection failed

C:\WINDOWS\Temp\41B0.tmp
Deleted

C:\WINDOWS\Temp\4829.tmp
Infected with: Trojan.PWS.Yaspy.A

C:\WINDOWS\Temp\4829.tmp
Disinfection failed

C:\WINDOWS\Temp\4829.tmp
Deleted

C:\WINDOWS\Temp\D39E.tmp
Infected with: Trojan.PWS.Yaspy.A

C:\WINDOWS\Temp\D39

#9 lifelessboy


Posted 19 April 2006 - 09:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:29:00 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\windows\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\windows\System32\DRIVERS\WtSrv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\windows\wupdmgr.exe
C:\windows\osaupd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: winapi32.MyBHO - {B52CCF85-726D-471C-B72C-CA9F104C5B98} - C:\windows\system32\winapi32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: NQosQjIbsjLG - {A4BFDE95-0E15-743F-8D6F-C03A9BF5F21C} - C:\windows\system32\cyw.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\windows\security\FireDaemon.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\windows\System32\DRIVERS\WtSrv.exe

#10 lifelessboy


Posted 19 April 2006 - 09:31 PM

Here are the BitDefender and the HijackThis logs...
I'm at work all day and can't reply, I hope this isn't a problem.

Once again... THANK YOU for your help.

#11 dahli


Posted 20 April 2006 - 05:18 PM

Things are beginning to look good.

Reboot in SAFE MODE (Tap F8 during startup)

Run HijackThis and check the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: winapi32.MyBHO - {B52CCF85-726D-471C-B72C-CA9F104C5B98} - C:\windows\system32\winapi32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Click FIX CHECKED

Reboot in NORMAL MODE and post a new HijackThis log
Steven

#12 lifelessboy


Posted 20 April 2006 - 05:54 PM

ok...

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

The above hijack line wasn't shown when I ran HijackThis in safe mode, but it was when I rebooted normally. I

Should I save the backups?

Here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 6:15:59 PM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\windows\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\windows\System32\DRIVERS\WtSrv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\windows\wupdmgr.exe
C:\windows\osaupd.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: NQosQjIbsjLG - {A4BFDE95-0E15-743F-8D6F-C03A9BF5F21C} - C:\windows\system32\cyw.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\windows\security\FireDaemon.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\windows\System32\DRIVERS\WtSrv.exe

#13 dahli


Posted 20 April 2006 - 06:17 PM

Run HijackThis and fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

I would keep the backups for a week and see how your system is running - if it is ok then delete them.
Steven
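
Post #13 repeats two of the five entries from post #11 because they are still listed in the 20 April log. The following is an added example, not part of the thread and not HijackThis's own code: it parses HijackThis entry lines, lists the ones marked "(file missing)" or "(no file)", and checks a fix list against a later scan. The sample logs are excerpts of entries posted above; the function names are assumptions.

```python
import re

# An entry line is a section code (R, F, N or O plus a number), " - ", then detail.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpts of the logs posted in this thread (not the full logs).
HEADER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\windows\Explorer.EXE
"""
FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: winapi32.MyBHO - {B52CCF85-726D-471C-B72C-CA9F104C5B98} - C:\windows\system32\winapi32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""
REST = r"""O4 - Global Startup: winlogin.exe
O21 - SSODL: NQosQjIbsjLG - {A4BFDE95-0E15-743F-8D6F-C03A9BF5F21C} - C:\windows\system32\cyw.dll (file missing)
"""
LOG_BEFORE = HEADER + FIX_LIST + REST          # 19 April scan, excerpt
LOG_AFTER = HEADER + r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
""" + REST                                     # 20 April scan, excerpt


def parse_entries(log_text):
    """Return the log's entries as (code, detail) tuples, in log order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reports as absent from disk."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def still_present(requested, after_entries):
    """Of the entries a helper asked to fix, return those still in the later scan."""
    after = set(after_entries)
    return [e for e in requested if e in after]


def diff_logs(before_entries, after_entries):
    """Return (removed, added) entries between two scans, keeping log order."""
    before, after = set(before_entries), set(after_entries)
    removed = [e for e in before_entries if e not in after]
    added = [e for e in after_entries if e not in before]
    return removed, added


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    print("Entries pointing at absent files (before):")
    for code, detail in orphaned(before):
        print(f"  {code} - {detail}")
    print("Requested fixes still present after reboot:")
    for code, detail in still_present(parse_entries(FIX_LIST), after):
        print(f"  {code} - {detail}")
    removed, added = diff_logs(before, after)
    print(f"{len(removed)} entries removed, {len(added)} new entries")
```

An entry that appears in the "added" list of a later scan is the one to look at first, since it was written after the cleanup.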

#14 lifelessboy


Posted 20 April 2006 - 06:24 PM

Do you want another HijackThis log?
I have to say my computer is running way smoother, but I still have those exclamation points telling me I have spyware, I have NO access to my firewall, and I can only open 1 IE window at a time.

Edited by lifelessboy, 20 April 2006 - 06:30 PM.


#15 dahli


Posted 20 April 2006 - 07:59 PM

Did you try this to remove the desktop:

Click Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

Go here and download SilentRunners.vbs.

Run SilentRunners - wait until it says it has completed running and post the log it creates.
Steven



