| MPTFT.EXE problem Hello.....been away for a while......my previous issues were all solved...thanks for the help.....I've got some new problems now.....I ran Ad-Aware SE Plus and McAfee Virus Scan to try to clean things up....couldn't delete mptft.exe in C:\windows\system32 ....here's my HJT log .... appreciate any help you can give!:) Logfile of HijackThis v1.99.1 Scan saved at 6:49:30 PM, on 6/2/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\crdadcs.exe C:\WINDOWS\wmiapsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\mptft.exe C:\WINDOWS\System32\ssn6tuu.exe C:\WINDOWS\crdadcsA.exe C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\WINDOWS\System32\ssec.exe C:\WINDOWS\System32\nr1rnqm8.exe C:\WINDOWS\System32\tfthot.exe c:\program files\mcafee.com\agent\mcagent.exe 
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Documents and Settings\Owner\Desktop\Security Utilities\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwjaqn.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = 
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: 
{288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\crdadcs.exe O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe |
| ||
| Re: MPTFT.EXE problem Hi,
Download CCleaner and install it.
Download The Avenger by Swandog46 to your Desktop. Do not run it now!
Run HijackThis and click Do only a System scan. Then put a check mark in front of the entries listed below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwjaqn.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\crdadcs.exe
Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.
Double click on Avenger.zip to open the file and extract avenger.exe to your Desktop.
Quote:
The Avenger will automatically do the following:-
Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning. Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log and Avenger log. |
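Added example, not part of the original posts and not code from HijackThis or The Avenger: a small triage script for the kinds of entries the reply above asks to fix, namely extra programs appended to the Winlogon `UserInit`/`Shell` values (F2), one DLL registered both as a BHO (O2) and as a protocol filter (O18), and an "Unknown owner" service whose binary sits directly in the Windows directory (O23). The rules are heuristics chosen for this illustration, they mark lines for review rather than give a verdict, and the sample lines are copied from the two logs in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xfpgp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwjaqn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\crdadcs.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
F2_RE = re.compile(r"^REG:system\.ini: (UserInit|Shell)=(.*)$", re.I)
SERVICE_RE = re.compile(r"^Service: (.+) - Unknown owner - (.+)$")

# Windows XP defaults: UserInit runs only userinit.exe, Shell runs only Explorer.exe.
LOGON_DEFAULTS = {"userinit": "userinit.exe", "shell": "explorer.exe"}


def parse_entries(text):
    """Split a HijackThis log into (section code, entry body) pairs."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extra_logon_programs(body):
    """For an F2 UserInit/Shell entry, return (key, programs beyond the default).

    Only the file name is compared, so a look-alike userinit.exe in another
    directory is not caught by this check.
    """
    m = F2_RE.match(body)
    if not m:
        return None, []
    key, value = m.group(1), m.group(2)
    expected = LOGON_DEFAULTS[key.lower()]
    items = [p.strip() for p in value.split(",") if p.strip()]
    extras = [p for p in items if p.rsplit("\\", 1)[-1].lower() != expected]
    return key, extras


def triage(text):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    hooks = defaultdict(set)  # lower-cased DLL path -> sections that load it
    for code, body in parse_entries(text):
        if code == "F2":
            key, extras = extra_logon_programs(body)
            for prog in extras:
                findings.append((code, f"extra program in {key}", prog))
        elif code in ("O2", "O18"):
            path = body.rsplit(" - ", 1)[-1]
            if path != "(no file)":
                hooks[path.lower()].add(code)
        elif code == "O23":
            m = SERVICE_RE.match(body)
            # Heuristic: no vendor string and the binary is directly in C:\WINDOWS.
            if m and m.group(2).rsplit("\\", 1)[0].lower() == r"c:\windows":
                findings.append(
                    (code, "unknown-owner service in Windows directory", m.group(2))
                )
    for path, codes in sorted(hooks.items()):
        if codes == {"O2", "O18"}:
            findings.append(("O2+O18", "same DLL is a BHO and a protocol filter", path))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:7} {reason}: {detail}")
```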
| ||
| Re: MPTFT.EXE problem The Avenger also takes a backup of deleted files. It will be in C:\Avenger\backup.zip. Can you upload that ZIP file with your next reply? |
| ||
| Re: MPTFT.EXE problem Hi swatkat......the tasks seemed to go okay....here are the files you asked for: 1) HJT Logfile of HijackThis v1.99.1 Scan saved at 11:03:03 PM, on 6/5/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\wmiapsrv.exe C:\WINDOWS\system32\svchost.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\Program Files\Microsoft AntiSpyware\gcASSoapLib.exe C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\IA\command.exe C:\WINDOWS\explorer.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xfpgp.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwjaqn.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [Symantec NetDriver 
Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll 
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
https://fpdownload.macromedia.com/pu...sh/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\xyob2res.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. 
- c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe 2) Avenger log Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\avlgmwmi ******************* Script file located at: \??\C:\Program Files\lmroqska.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\crdadcs.exe deleted successfully. File C:\WINDOWS\System32\mptft.exe not found! Deletion of file C:\WINDOWS\System32\mptft.exe failed! Could not process line: C:\WINDOWS\System32\mptft.exe Status: 0xc0000034 File C:\WINDOWS\System32\ssn6tuu.exe deleted successfully. File C:\WINDOWS\crdadcsA.exe deleted successfully. File C:\WINDOWS\System32\ssec.exe deleted successfully. File C:\WINDOWS\System32\nr1rnqm8.exe deleted successfully. File C:\WINDOWS\System32\tfthot.exe deleted successfully. File C:\WINDOWS\System32\ibwjaqn.exe deleted successfully. File C:\WINDOWS\ibwjaqn.exe not found! 
Deletion of file C:\WINDOWS\ibwjaqn.exe failed! Could not process line: C:\WINDOWS\ibwjaqn.exe Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. 3) Kaspersky log KASPERSKY ON-LINE SCANNER REPORT Monday, June 05, 2006 11:01:24 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 6/06/2006 Kaspersky Anti-Virus database records: 186695 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics Total number of scanned objects 110875 Number of viruses found 63 Number of infected objects 238 Number of suspicious objects 0 Duration of the scan process 01:24:33 Infected Object Name Virus Name Last Action C:\autodefrag.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\avenger\backup.zip/avenger/crdadcs.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\avenger\backup.zip/avenger/crdadcsA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\avenger\backup.zip/avenger/ibwjaqn.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\avenger\backup.zip/avenger/ssec.exe Infected: Trojan.Win32.Runner.h skipped C:\avenger\backup.zip ZIP: infected - 4 skipped C:\compdiag.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\corruptfix.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\defender23.exe Infected: Trojan-Downloader.Win32.VB.adw skipped C:\defender25.exe Infected: Trojan-Downloader.Win32.Adload.bx skipped C:\defragsvc.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\drsmartload743a[1].exe Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet 
Files\Content.IE5\5QJFZD96\msdosmgr[1].exe/data.rar/mc-110-12-0000487.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msdosmgr[1].exe/data.rar/mc-110-12-0000487.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msdosmgr[1].exe/data.rar Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msdosmgr[1].exe RarSFX: infected - 3 skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msninstaller[1].zip Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\drsmartload45a[1].exe Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\keyboard23[1].exe Infected: Backdoor.Win32.VB.ary skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\keyboard25[1].exe Infected: Trojan.Win32.StartPage.aju skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\newname25[1].exe Infected: Trojan-Downloader.Win32.VB.abm skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\defender23[1].exe Infected: Trojan-Downloader.Win32.VB.adw skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\defender24[2].exe Infected: Trojan-Clicker.Win32.VB.ly skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\defender25[1].exe Infected: Trojan-Downloader.Win32.Adload.bx skipped C:\Documents and 
Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\drsmartload46a[1].exe Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\newname23[1].exe Infected: Trojan-Downloader.Win32.VB.adw skipped C:\drsmartload849a.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\keyboard23.exe Infected: Backdoor.Win32.VB.ary skipped C:\keyboard25.exe Infected: Trojan.Win32.StartPage.aju skipped C:\lsass.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\msdosmgr.exe/data.rar/mc-110-12-0000487.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\msdosmgr.exe/data.rar/mc-110-12-0000487.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\msdosmgr.exe/data.rar Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\msdosmgr.exe RarSFX: infected - 3 skipped C:\newname23.exe Infected: Trojan-Downloader.Win32.VB.adw skipped C:\newname25.exe Infected: Trojan-Downloader.Win32.VB.abm skipped C:\Program Files\Norton AntiVirus\Quarantine\12AB6452 Infected: Trojan-Spy.Win32.Idly.c skipped C:\Program Files\Norton AntiVirus\Quarantine\4E5D2804 Infected: Trojan-Downloader.Win32.Small.wj skipped C:\Program Files\Norton AntiVirus\Quarantine\4FCE306E Infected: Trojan-Dropper.Win32.Small.mr skipped C:\Program Files\Norton AntiVirus\Quarantine\54492976 Infected: Trojan-Downloader.Win32.Small.wj skipped C:\Program Files\Norton AntiVirus\Quarantine\55CF6D86 Infected: Trojan-Spy.Win32.Idly.c skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\012B2A72 Infected: Trojan-Downloader.Win32.Qoologic.t skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03335C96.htm Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03360692.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\041F114F.dll Infected: 
Scan process completed. 4) Avenger backup.zip I can't figure out how to upload the zip file....please advise....thanks |
| ||
| Re: MPTFT.EXE problem Hi, Download WinPFind.ZIP and completely extract it to a folder. We shall do an online scan at F-Secure. Please visit: F-Secure Online Scanner Next Generation Beta 1. Click on the link "F-Secure Online Scanner Next Generation Beta". 2. You may receive an alert on the address bar at this point to install the ActiveX control. 3. Click on that alert and then Click Install ActiveX component. 4. Read the license agreement and click "Accept". 5. Click "Full System Scan" to download the scanning components and begin scan and cleaning. 6. When done click "Show report" and copy/paste its contents into your next reply. (F-Secure scan works only in Internet Explorer browser) After the scan run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here along with F-Secure scan log. To upload the file, please use the site: http://rapidshare.de/ You can upload there by clicking the "Choose" button, select the file and click "Upload". It will give you a link to the uploaded file. Please post back that link. |
| ||
| Re: MPTFT.EXE problem Hi swatkat, first of all....here's the link for the avenger backup files from the previous post http://rapidshare.de/files/22416807/...60506.zip.html next, here's the F-Secure log and WinFind log..and I ran another HJT scan....please advise...thanks for the help....JD 1) F-Secure log Scanning Report Tuesday, June 06, 2006 21:27:13 - 00:50:55 Computer name: YOUR-LK4RLMSU41 Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ D:\ Result: 193 malware found
(Renamed & Submitted) Trojan.Win32.Kolweb.d (virus) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\3D53662C.DLL (Renamed & Submitted) Trojan.Win32.Pakes (virus) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\4AAB27EA.EXE (Renamed & Submitted) Trojan.Win32.Registrator.b (virus) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\2A514B85.EXE (Renamed & Submitted) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\6D7648C6.EXE (Renamed & Submitted) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\74602D2A.EXE (Renamed & Submitted) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\74F96281.EXE (Renamed & Submitted) Trojan.Win32.Runner.h (virus) C:\WINDOWS\SYSTEM32SSEC.EXE (Renamed) Trojan.Win32.StartPage.acx (virus) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7D583153.EXE (Renamed & Submitted) Trojan.Win32.StartPage.aju (virus) C:\KEYBOARD25.EXE (Renamed) C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7Z3VWO4T\KEYBOARD25[1].EXE (Renamed) Trojan.Win32.StartPage.nk (virus) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\21442EA4.EXE (Renamed & Submitted) C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\214758A1.EXE (Renamed & Submitted) Win32.Trojan.Downloader (spyware) System (Disinfected) iSearch Toolbar (spyware) System (Disinfected) win32.Trojan.Dnschanger (spyware) System (Disinfected) -------------------------------------------------------------------------------- Statistics Scanned: Files: 33235 System: 17408 Not scanned: 4 Actions: Disinfected: 8 Renamed: 180 Deleted: 0 None: 5 Submitted: 140 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\RECYCLER\NPROTECT\00177437.XML -------------------------------------------------------------------------------- Options Scanning engines: F-Secure AVP: 6.0.171, 2006-06-06 F-Secure Libra: 2.4.1, 2006-06-06 
F-Secure Orion: 1.2.37, 2006-06-05 F-Secure Blacklight: 1.0.31, 0000-00-00 F-Secure Pegasus: 1.19.0, 2006-00-19 F-Secure Draco: 1.0.35, 2006-06-01 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX Use Advanced heuristics --------------------------------------------------------------------------------
2) WinFind log
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600 Internet Explorer Version: 6.0.2800.1106 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... UPX! 6/1/2006 8:18:02 PM 362496 C:\526_620.exe PEC2 5/31/2006 7:19:52 PM 14336 C:\AUTODEFRAG.0XE PECompact2 5/31/2006 7:19:52 PM 14336 C:\AUTODEFRAG.0XE PEC2 5/31/2006 4:42:44 PM 14336 C:\COMPDIAG.0XE PECompact2 5/31/2006 4:42:44 PM 14336 C:\COMPDIAG.0XE PEC2 5/31/2006 4:28:36 PM 14336 C:\CORRUPTFIX.0XE PECompact2 5/31/2006 4:28:36 PM 14336 C:\CORRUPTFIX.0XE PEC2 6/1/2006 9:41:54 PM 14336 C:\DEFRAGSVC.0XE PECompact2 6/1/2006 9:41:54 PM 14336 C:\DEFRAGSVC.0XE PEC2 5/29/2006 9:50:54 PM 12288 C:\LSASS.0XE PECompact2 5/29/2006 9:50:54 PM 12288 C:\LSASS.0XE UPX! 5/26/2006 10:35:58 PM 26036 C:\mc-110-12-0000228.exe PEC2 5/26/2006 10:34:22 PM 12288 C:\SERVICES.0XE PECompact2 5/26/2006 10:34:22 PM 12288 C:\SERVICES.0XE PEC2 5/28/2006 11:35:14 AM 12288 C:\SVCHOST.0XE PECompact2 5/28/2006 11:35:14 AM 12288 C:\SVCHOST.0XE Checking %ProgramFilesDir% folder... Checking %WinDir% folder... aspack 11/28/2004 9:10:44 PM 1343999 C:\WINDOWS\Aurexkb.ehu PTech 11/28/2004 9:10:44 PM 1343999 C:\WINDOWS\Aurexkb.ehu PTech 11/28/2004 9:10:52 PM 1073501 C:\WINDOWS\Flgczsswjyh.lzw PEC2 11/28/2004 9:10:40 PM 184535 C:\WINDOWS\Iingbqeu.aaw PTech 11/28/2004 9:10:46 PM 483851 C:\WINDOWS\Iwwcitsg.dua PECompact2 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719 qoologic 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719 SAHAgent 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719 PEC2 5/29/2006 9:08:56 PM 108462 C:\WINDOWS\manager.exe PECompact2 5/29/2006 9:08:56 PM 108462 C:\WINDOWS\manager.exe UPX! 5/30/2006 11:13:14 PM 29251 C:\WINDOWS\mc-110-12-0000487.exe UPX! 
5/29/2006 8:45:58 PM 29251 C:\WINDOWS\mc-110-12-0000488.exe PEC2 5/23/2006 4:48:56 PM 12288 C:\WINDOWS\MSNUPDATE.0XE PECompact2 5/23/2006 4:48:56 PM 12288 C:\WINDOWS\MSNUPDATE.0XE PEC2 11/28/2004 9:10:42 PM 193869 C:\WINDOWS\Mxacorse.trv UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe PECompact2 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719 qoologic 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719 SAHAgent 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719 UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll PEC2 5/15/2006 10:03:12 PM RHS 69632 C:\WINDOWS\WMIAPSRV.0XE PECompact2 5/15/2006 10:03:12 PM RHS 69632 C:\WINDOWS\WMIAPSRV.0XE PTech 11/28/2004 9:10:50 PM 1626626 C:\WINDOWS\Wpkrkcqrrjf.uwm Checking %System% folder... PEC2 8/29/2002 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc PTech 8/20/2004 4:56:24 PM 59914 C:\WINDOWS\SYSTEM32\igfxhcsy.lhp Umonitor 11/3/1998 2:01:02 AM 324096 C:\WINDOWS\SYSTEM32\ipebase11.dll 69.59.186.63 6/1/2006 8:18:00 PM 51712 C:\WINDOWS\SYSTEM32\NDXCHTY.0LL 209.66.67.134 6/1/2006 8:18:00 PM 51712 C:\WINDOWS\SYSTEM32\NDXCHTY.0LL web-nex 6/1/2006 8:18:00 PM 51712 C:\WINDOWS\SYSTEM32\NDXCHTY.0LL Umonitor 8/29/2002 8:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 6/5/2006 9:40:46 PM HS 182169 C:\WINDOWS\SYSTEM32\removefunc.ram winsync 8/29/2002 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 
6/6/2006 8:48:22 PM S 2048 C:\WINDOWS\bootstat.dat 5/15/2006 10:03:12 PM RHS 69632 C:\WINDOWS\WMIAPSRV.0XE 6/5/2006 9:40:46 PM HS 182169 C:\WINDOWS\system32\removefunc.ram 6/7/2006 12:50:32 AM H 1024 C:\WINDOWS\system32\config\default.LOG 6/7/2006 12:54:40 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG 6/6/2006 8:52:00 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 6/7/2006 1:03:56 AM H 1024 C:\WINDOWS\system32\config\software.LOG 6/7/2006 12:56:28 AM H 1024 C:\WINDOWS\system32\config\system.LOG 5/13/2006 9:45:58 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 6/7/2006 12:54:46 AM HS 190 C:\WINDOWS\Tasks\RUTASK.job 6/6/2006 8:48:24 PM H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 8/29/2002 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl Realtek Semiconductor Corp. 9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL Microsoft Corporation 8/29/2002 8:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl 5/11/2001 1:00:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Hewlett-Packard 1/26/1999 1:06:28 AM 25524 C:\WINDOWS\SYSTEM32\hpsctrlc.cpl Intel Corporation 8/20/2004 4:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl InstallShield Software Corporation6/16/2004 7:03:30 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems 2/20/2003 5:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft 
Corporation 8/29/2002 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl NVIDIA Corporation 5/3/2003 2:19:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl Softex, Inc 2/21/2003 7:06:04 AM 32768 C:\WINDOWS\SYSTEM32\scurecpl.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl The Weather Channel Interactive4/6/2005 4:21:18 PM 3006464 C:\WINDOWS\SYSTEM32\wxfw.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 
109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 8/29/2002 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl Intel Corporation 4/7/2003 10:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxcpl.cpl Intel Corporation 4/7/2003 10:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\igfxcpl.cpl Realtek Semiconductor Corp. 6/28/2003 12:40:32 AM 8606208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 6/1/2006 8:18:00 PM 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ADKCV.0XE 11/29/2005 11:17:04 PM 1765 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 3/27/2004 2:54:38 PM 1903 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk 7/24/2003 4:29:10 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini 11/27/2004 11:56:28 AM 1031 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk 1/18/2005 10:51:12 PM 1738 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk 7/24/2003 5:47:38 AM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 7/23/2003 9:21:56 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini Checking files in %USERPROFILE%\Startup folder... 
7/24/2003 4:29:10 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini 7/26/2003 4:57:50 AM 844 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk Checking files in %USERPROFILE%\Application Data folder... 7/23/2003 9:21:56 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini 3/17/2006 6:08:46 PM 142136 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT 3/10/2005 3:51:34 PM 12358 C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB 3/10/2005 3:51:34 PM 61678 C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB 8/21/2005 8:14:32 PM 445676 C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] {A540394A-5C21-4E23-8862-6D646D1D17FF} = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mysxkqsf {0d972e4e-ee63-4082-8d59-c68f40bb9afb} = HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OPShellE 
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} = C:\Program Files\Softex\OmniPass\opshelle.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\OPShellE {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} = C:\Program Files\Softex\OmniPass\opshelle.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} Yvakt Class = C:\WINDOWS\System32\x3cqp0.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5E2A3E7-00FE-4D31-A030-A10799DDCA66} = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {DE9C389F-3316-41A7-809B-AA305ED9D922} = AOL Toolbar : C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll {BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578} ButtonText = AOL Toolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4ABF810A-F11D-4169-9D5F-7D274F2270A1} MenuText = Java : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} ButtonText = AIM : C:\PROGRA~1\AIM\aim.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} ButtonText = MoneySide : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} = : {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} = : {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : 
%SystemRoot%\system32\SHELL32.dll {DE9C389F-3316-41A7-809B-AA305ED9D922} = AOL Toolbar : C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] hpsysdrv c:\windows\system\hpsysdrv.exe HotKeysCmds C:\WINDOWS\System32\hkcmd.exe KBD C:\HP\KBD\KBD.EXE StorageGuard "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Recguard C:\WINDOWS\SMINST\RECGUARD.EXE NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz nwiz.exe /installquiet /keeploaded /nodetect PS2 C:\WINDOWS\system32\ps2.exe QuickFinder Scheduler "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" hplampc C:\WINDOWS\system32\hplampc.exe Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] NVIEW rundll32.exe nview.dll,nViewLoadHook AWMON "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run bgtxdii.exe C:\WINDOWS\system\bgtxdii.exe eiicupd.exe C:\WINDOWS\system\eiicupd.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder = C:\WINDOWS\system32\xyob2res.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxsrvc.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif = wzcdlg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs 
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 6/7/2006 1:10:11 AM 3) HJT Logfile of HijackThis v1.99.1 Scan saved at 1:14:50 AM, on 6/7/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\IA\command.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\wmiapsrv.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\lexpps.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://qus9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: 
[mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: ADKCV.0XE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra button: AIM - 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab O16 - DPF: 
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\xyob2res.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing) O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. 
- c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe (file missing) |
| ||
| Re: MPTFT.EXE problem Hi, Thanks for the files :) And, F-Secure has removed some files there. Now, to delete the remaining "baddies"! Download CCleaner and install it. Do not run it now! Copy the below quoted text (which is a script for Avenger) into your clipboard by highlighting it and pressing CTRL C keys:- Quote:
The Avenger will automatically do the following:-
Next, reboot to Safe Mode. Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named Command Service (cmdService) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK". Do the same process (of stopping and disabling) for these Services too:-
Network Monitor
(WMIPerAddOn)

Run HijackThis and click Do only a System scan. Then put a check mark in front of below listed entries:-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - Global Startup: ADKCV.0XE
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\xyob2res.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
(WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe (file missing)

Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.

Now run CCleaner, click the "Options" button in the left pane of CCleaner. Here, click "Settings" and then click "Advanced" button. Here, uncheck the options "Only delete files in Windows Temp folder older than 48 hours" and "Show prompt to backup registry issues". After unchecking them, click the "Issues" button in the left pane. Here, click "Scan for issues". It takes some time to scan. Once it finishes the scan, click "Fix selected issues". This opens up a new window, here click "Fix all selected issues" button to remove all the detected issues. After this, click the "Cleaner" button in the left pane and click "Run Cleaner" to clean the temp files.

Reboot to Normal Mode. Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log and Avenger log. |
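The service and entry selection in the reply above can be cross-checked against a log mechanically. The Python below is an added example, not part of the thread or of HijackThis: it re-splits a log that has been run together onto one line (as on this page), parses each entry, and separates O23 services whose binary HijackThis marks "(file missing)" from services that are only "Unknown owner". The sample lines are copied from the 6/7/2006 log above; all function and field names are made up for this example.

```python
import re
from typing import List, NamedTuple, Optional

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - ". Used to re-split a log flattened onto one line.
ENTRY_START = re.compile(r"(?<!\S)(?:[RFN][0-4]|O\d{1,2}) - ")
# Markers HijackThis itself appends when the referenced file does not exist.
MARKER = re.compile(r"\s*\((file missing|no file)\)\s*$")


class Entry(NamedTuple):
    code: str                 # section code, e.g. "O23"
    body: str                 # text after "CODE - ", marker removed
    marker: Optional[str]     # "file missing", "no file" or None
    service: Optional[str]    # O23 only: display name as shown in services.msc
    owner: Optional[str]      # O23 only: vendor string or "Unknown owner"
    path: Optional[str]       # O23 only: service binary path


def split_entries(text: str) -> List[str]:
    """Cut a log (flattened or one entry per line) into individual entries."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    ends = starts[1:] + [len(text)]
    return [text[a:b].strip() for a, b in zip(starts, ends)]


def parse_entry(raw: str) -> Entry:
    code, _, body = raw.partition(" - ")
    m = MARKER.search(body)
    marker = m.group(1) if m else None
    if m:
        body = body[:m.start()].rstrip(" -")
    service = owner = path = None
    if code == "O23" and body.startswith("Service: "):
        # Split from the right: "<display name> - <owner> - <path>".
        # Assumes the path itself contains no " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            service, owner, path = parts
    return Entry(code, body, marker, service, owner, path)


def triage(text: str) -> dict:
    """Group entries by what the log itself says about them."""
    entries = [parse_entry(e) for e in split_entries(text)]
    return {
        # Autostart references pointing at a file that is no longer there.
        "orphaned": [e for e in entries if e.marker],
        # Services to stop and disable before fixing their O23 line.
        "services_missing_binary": [
            e.service for e in entries if e.code == "O23" and e.marker
        ],
        # "Unknown owner" alone only means no vendor string was read;
        # these need a manual look, not automatic removal.
        "unknown_owner_present": [
            e.service for e in entries
            if e.code == "O23" and e.owner == "Unknown owner" and not e.marker
        ],
    }


# Lines copied from the log on this page, run together the way the page shows them.
SAMPLE = (
    r"O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll "
    r"O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file) "
    r"O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE "
    r"O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\xyob2res.dll (file missing) "
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll "
    r"O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing) "
    r"O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe "
    r"O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) "
    r"O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe "
    r"O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe (file missing)"
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name in result["services_missing_binary"]:
        print("stop + disable, then fix:", name)
    for name in result["unknown_owner_present"]:
        print("unknown owner, file present (review manually):", name)
```

The markers only report that a file is absent; an entry such as the Yvakt Class BHO, whose DLL is still on disk, carries no marker and is not flagged by this check.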
| ||
| Re: MPTFT.EXE problem Hi swatkat.........this one went smoother than the laptop issue you are helping out with! Here are the Avenger, Kaspersky and HJT logs. Thanks for the help....JD 1) Avenger Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\pmdmcwav ******************* Script file located at: \??\C:\WINDOWS\yyobbanv.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:WINDOWSGRFIG.DLL not found! Deletion of file C:WINDOWSGRFIG.DLL failed! Could not process line: C:WINDOWSGRFIG.DLL Status: 0xc0000034 File C:AUTODEFRAG.EXE not found! Deletion of file C:AUTODEFRAG.EXE failed! Could not process line: C:AUTODEFRAG.EXE Status: 0xc0000034 File C:COMPDIAG.EXE not found! Deletion of file C:COMPDIAG.EXE failed! Could not process line: C:COMPDIAG.EXE Status: 0xc0000034 File C:CORRUPTFIX.EXE not found! Deletion of file C:CORRUPTFIX.EXE failed! Could not process line: C:CORRUPTFIX.EXE Status: 0xc0000034 File C:DEFRAGSVC.EXE not found! Deletion of file C:DEFRAGSVC.EXE failed! Could not process line: C:DEFRAGSVC.EXE Status: 0xc0000034 File C:WINDOWSDRSMARTLOAD849A.EXE not found! Deletion of file C:WINDOWSDRSMARTLOAD849A.EXE failed! Could not process line: C:WINDOWSDRSMARTLOAD849A.EXE Status: 0xc0000034 File C:DRSMARTLOAD849A.EXE not found! Deletion of file C:DRSMARTLOAD849A.EXE failed! Could not process line: C:DRSMARTLOAD849A.EXE Status: 0xc0000034 File C:LSASS.EXE not found! Deletion of file C:LSASS.EXE failed! Could not process line: C:LSASS.EXE Status: 0xc0000034 File C:SERVICES.EXE not found! Deletion of file C:SERVICES.EXE failed! Could not process line: C:SERVICES.EXE Status: 0xc0000034 File C:SVCHOST.EXE not found! Deletion of file C:SVCHOST.EXE failed! Could not process line: C:SVCHOST.EXE Status: 0xc0000034 File C:WINDOWSDRSMARTLOAD45A.EXE not found! 
Deletion of file C:WINDOWSDRSMARTLOAD45A.EXE failed! Could not process line: C:WINDOWSDRSMARTLOAD45A.EXE Status: 0xc0000034 File C:WINDOWSDRSMARTLOAD46A.EXE not found! Deletion of file C:WINDOWSDRSMARTLOAD46A.EXE failed! Could not process line: C:WINDOWSDRSMARTLOAD46A.EXE Status: 0xc0000034 File C:WINDOWSMSNUPDATE.EXE not found! Deletion of file C:WINDOWSMSNUPDATE.EXE failed! Could not process line: C:WINDOWSMSNUPDATE.EXE Status: 0xc0000034 File C:DRSMARTLOAD1.EXE not found! Deletion of file C:DRSMARTLOAD1.EXE failed! Could not process line: C:DRSMARTLOAD1.EXE Status: 0xc0000034 File C:DEFENDER25.EXE not found! Deletion of file C:DEFENDER25.EXE failed! Could not process line: C:DEFENDER25.EXE Status: 0xc0000034 File C:WINDOWSSYSTEM32IBWJAQN.EXE not found! Deletion of file C:WINDOWSSYSTEM32IBWJAQN.EXE failed! Could not process line: C:WINDOWSSYSTEM32IBWJAQN.EXE Status: 0xc0000034 File C:WINDOWSSYSTEM32NDXCHTY.DLL not found! Deletion of file C:WINDOWSSYSTEM32NDXCHTY.DLL failed! Could not process line: C:WINDOWSSYSTEM32NDXCHTY.DLL Status: 0xc0000034 File C:WINDOWSSYSTEM32HVYBPL.EXE not found! Deletion of file C:WINDOWSSYSTEM32HVYBPL.EXE failed! Could not process line: C:WINDOWSSYSTEM32HVYBPL.EXE Status: 0xc0000034 File C:WINDOWSSYSTEM32XFPGP.EXE not found! Deletion of file C:WINDOWSSYSTEM32XFPGP.EXE failed! Could not process line: C:WINDOWSSYSTEM32XFPGP.EXE Status: 0xc0000034 File C:WINDOWSSYSTEM32HVYBPL.EXE not found! Deletion of file C:WINDOWSSYSTEM32HVYBPL.EXE failed! Could not process line: C:WINDOWSSYSTEM32HVYBPL.EXE Status: 0xc0000034 File C:WINDOWSSYSTEM32IBWJAQN.EXE not found! Deletion of file C:WINDOWSSYSTEM32IBWJAQN.EXE failed! Could not process line: C:WINDOWSSYSTEM32IBWJAQN.EXE Status: 0xc0000034 File C:WINDOWSSYSTEM32NDXCHTY.DLL not found! Deletion of file C:WINDOWSSYSTEM32NDXCHTY.DLL failed! Could not process line: C:WINDOWSSYSTEM32NDXCHTY.DLL Status: 0xc0000034 File C:WINDOWSSYSTEM32XFPGP.EXE not found! 
Deletion of file C:WINDOWSSYSTEM32XFPGP.EXE failed! Could not process line: C:WINDOWSSYSTEM32XFPGP.EXE Status: 0xc0000034 File C:DOCUMENTS AND SETTINGSALL USERSSTART MENUPROGRAMSSTARTUPADKCV.EXE not found! Deletion of file C:DOCUMENTS AND SETTINGSALL USERSSTART MENUPROGRAMSSTARTUPADKCV.EXE failed! Could not process line: C:DOCUMENTS AND SETTINGSALL USERSSTART MENUPROGRAMSSTARTUPADKCV.EXE Status: 0xc0000034 File C:NEWNAME25.EXE not found! Deletion of file C:NEWNAME25.EXE failed! Could not process line: C:NEWNAME25.EXE Status: 0xc0000034 File C:DEFENDER23.EXE not found! Deletion of file C:DEFENDER23.EXE failed! Could not process line: C:DEFENDER23.EXE Status: 0xc0000034 File C:NEWNAME23.EXE not found! Deletion of file C:NEWNAME23.EXE failed! Could not process line: C:NEWNAME23.EXE Status: 0xc0000034 File C:WINDOWSOFFUN.EXE not found! Deletion of file C:WINDOWSOFFUN.EXE failed! Could not process line: C:WINDOWSOFFUN.EXE Status: 0xc0000034 File C:WINDOWSSYSTEM32SSEC.EXE not found! Deletion of file C:WINDOWSSYSTEM32SSEC.EXE failed! Could not process line: C:WINDOWSSYSTEM32SSEC.EXE Status: 0xc0000034 File C:KEYBOARD25.EXE not found! Deletion of file C:KEYBOARD25.EXE failed! Could not process line: C:KEYBOARD25.EXE Status: 0xc0000034 File C:526_620.exe not found! Deletion of file C:526_620.exe failed! Could not process line: C:526_620.exe Status: 0xc0000034 File C:AUTODEFRAG.0XE not found! Deletion of file C:AUTODEFRAG.0XE failed! Could not process line: C:AUTODEFRAG.0XE Status: 0xc0000034 File C:COMPDIAG.0XE not found! Deletion of file C:COMPDIAG.0XE failed! Could not process line: C:COMPDIAG.0XE Status: 0xc0000034 File C:COMPDIAG.0XE not found! Deletion of file C:COMPDIAG.0XE failed! Could not process line: C:COMPDIAG.0XE Status: 0xc0000034 File C:CORRUPTFIX.0XE not found! Deletion of file C:CORRUPTFIX.0XE failed! Could not process line: C:CORRUPTFIX.0XE Status: 0xc0000034 File C:DEFRAGSVC.0XE not found! Deletion of file C:DEFRAGSVC.0XE failed! 
Could not process line: C:DEFRAGSVC.0XE Status: 0xc0000034 File C:LSASS.0XE not found! Deletion of file C:LSASS.0XE failed! Could not process line: C:LSASS.0XE Status: 0xc0000034 File C:mc-110-12-0000228.exe not found! Deletion of file C:mc-110-12-0000228.exe failed! Could not process line: C:mc-110-12-0000228.exe Status: 0xc0000034 File C:SERVICES.0XE not found! Deletion of file C:SERVICES.0XE failed! Could not process line: C:SERVICES.0XE Status: 0xc0000034 File C:SVCHOST.0XE not found! Deletion of file C:SVCHOST.0XE failed! Could not process line: C:SVCHOST.0XE Status: 0xc0000034 File C:WINDOWSAurexkb.ehu not found! Deletion of file C:WINDOWSAurexkb.ehu failed! Could not process line: C:WINDOWSAurexkb.ehu Status: 0xc0000034 File C:WINDOWSFlgczsswjyh.lzw not found! Deletion of file C:WINDOWSFlgczsswjyh.lzw failed! Could not process line: C:WINDOWSFlgczsswjyh.lzw Status: 0xc0000034 File C:WINDOWSIingbqeu.aaw not found! Deletion of file C:WINDOWSIingbqeu.aaw failed! Could not process line: C:WINDOWSIingbqeu.aaw Status: 0xc0000034 File C:WINDOWSIwwcitsg.dua not found! Deletion of file C:WINDOWSIwwcitsg.dua failed! Could not process line: C:WINDOWSIwwcitsg.dua Status: 0xc0000034 File C:WINDOWSmanager.exe not found! Deletion of file C:WINDOWSmanager.exe failed! Could not process line: C:WINDOWSmanager.exe Status: 0xc0000034 File C:WINDOWSmc-110-12-0000487.exe not found! Deletion of file C:WINDOWSmc-110-12-0000487.exe failed! Could not process line: C:WINDOWSmc-110-12-0000487.exe Status: 0xc0000034 File C:WINDOWSmc-110-12-0000488.exe not found! Deletion of file C:WINDOWSmc-110-12-0000488.exe failed! Could not process line: C:WINDOWSmc-110-12-0000488.exe Status: 0xc0000034 File C:WINDOWSMSNUPDATE.0XE not found! Deletion of file C:WINDOWSMSNUPDATE.0XE failed! Could not process line: C:WINDOWSMSNUPDATE.0XE Status: 0xc0000034 File C:WINDOWSMxacorse.trv not found! Deletion of file C:WINDOWSMxacorse.trv failed! 
Could not process line: C:WINDOWSMxacorse.trv Status: 0xc0000034 File C:WINDOWSWMIAPSRV.0XE not found! Deletion of file C:WINDOWSWMIAPSRV.0XE failed! Could not process line: C:WINDOWSWMIAPSRV.0XE Status: 0xc0000034 File C:WINDOWSWpkrkcqrrjf.uwm not found! Deletion of file C:WINDOWSWpkrkcqrrjf.uwm failed! Could not process line: C:WINDOWSWpkrkcqrrjf.uwm Status: 0xc0000034 File C:WINDOWSSYSTEM32NDXCHTY.0LL not found! Deletion of file C:WINDOWSSYSTEM32NDXCHTY.0LL failed! Could not process line: C:WINDOWSSYSTEM32NDXCHTY.0LL Status: 0xc0000034 File C:WINDOWSSYSTEM32removefunc.ram not found! Deletion of file C:WINDOWSSYSTEM32removefunc.ram failed! Could not process line: C:WINDOWSSYSTEM32removefunc.ram Status: 0xc0000034 File C:WINDOWSWMIAPSRV.0XE not found! Deletion of file C:WINDOWSWMIAPSRV.0XE failed! Could not process line: C:WINDOWSWMIAPSRV.0XE Status: 0xc0000034 File C:WINDOWSTasksRUTASK.job not found! Deletion of file C:WINDOWSTasksRUTASK.job failed! Could not process line: C:WINDOWSTasksRUTASK.job Status: 0xc0000034 File C:Documents and SettingsAll UsersStart MenuProgramsStartupADKCV.0XE not found! Deletion of file C:Documents and SettingsAll UsersStart MenuProgramsStartupADKCV.0XE failed! Could not process line: C:Documents and SettingsAll UsersStart MenuProgramsStartupADKCV.0XE Status: 0xc0000034 File C:Documents and SettingsOwnerApplication DataSskknwrd.dll not found! Deletion of file C:Documents and SettingsOwnerApplication DataSskknwrd.dll failed! Could not process line: C:Documents and SettingsOwnerApplication DataSskknwrd.dll Status: 0xc0000034 File C:WINDOWSSystem32x3cqp0.dll not found! Deletion of file C:WINDOWSSystem32x3cqp0.dll failed! Could not process line: C:WINDOWSSystem32x3cqp0.dll Status: 0xc0000034 File C:WINDOWSsystembgtxdii.exe not found! Deletion of file C:WINDOWSsystembgtxdii.exe failed! Could not process line: C:WINDOWSsystembgtxdii.exe Status: 0xc0000034 File C:WINDOWSsystemeiicupd.exe not found! 
Deletion of file C:WINDOWSsystemeiicupd.exe failed! Could not process line: C:WINDOWSsystemeiicupd.exe Status: 0xc0000034 File C:WINDOWSsystem32xyob2res.dll not found! Deletion of file C:WINDOWSsystem32xyob2res.dll failed! Could not process line: C:WINDOWSsystem32xyob2res.dll Status: 0xc0000034 File C:WINDOWSIAcommand.exe not found! Deletion of file C:WINDOWSIAcommand.exe failed! Could not process line: C:WINDOWSIAcommand.exe Status: 0xc0000034 Folder C:WINDOWSIA not found! Deletion of folder C:WINDOWSIA failed! Could not process line: C:WINDOWSIA Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. 2) Kaspersky scan log KASPERSKY ON-LINE SCANNER REPORT Thursday, June 08, 2006 6:34:45 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 8/06/2006 Kaspersky Anti-Virus database records: 187146 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ F:\ Scan Statistics Total number of scanned objects 111416 Number of viruses found 64 Number of infected objects 246 Number of suspicious objects 0 Duration of the scan process 01:25:11 Infected Object Name Virus Name Last Action C:\avenger\backup.zip/avenger/crdadcs.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\avenger\backup.zip/avenger/crdadcsA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\avenger\backup.zip/avenger/ibwjaqn.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\avenger\backup.zip/avenger/ssec.exe Infected: Trojan.Win32.Runner.h skipped C:\avenger\backup.zip ZIP: infected - 4 skipped C:\avenger\backup_PC 060506.zip/avenger/crdadcs.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\avenger\backup_PC 060506.zip/avenger/crdadcsA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\avenger\backup_PC 060506.zip/avenger/ibwjaqn.exe Infected: 
Trojan-Downloader.Win32.Qoologic.bj skipped C:\avenger\backup_PC 060506.zip/avenger/ssec.exe Infected: Trojan.Win32.Runner.h skipped C:\avenger\backup_PC 060506.zip ZIP: infected - 4 skipped C:\COMPDIAG.0XE Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\CORRUPTFIX.0XE Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\DEFENDER23.0XE Infected: Trojan-Downloader.Win32.VB.adw skipped C:\DEFENDER25.0XE Infected: Trojan-Downloader.Win32.Adload.bx skipped C:\DEFRAGSVC.0XE Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\DRSMARTLOAD743A[1].0XE Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msdosmgr[1].exe/data.rar/mc-110-12-0000487.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msdosmgr[1].exe/data.rar/mc-110-12-0000487.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msdosmgr[1].exe/data.rar Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\msdosmgr[1].exe RarSFX: infected - 3 skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5QJFZD96\MSNINSTALLER[1].0IP Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\DRSMARTLOAD45A[1].0XE Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\KEYBOARD23[1].0XE Infected: Backdoor.Win32.VB.ary skipped C:\Documents and Settings\LocalService\Local Settings\Temporary 
Internet Files\Content.IE5\7Z3VWO4T\KEYBOARD25[1].0XE Infected: Trojan.Win32.StartPage.aju skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\MTE3NDI6ODOXNG[1].0XE Infected: Trojan-Downloader.Win32.Small.buy skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7Z3VWO4T\NEWNAME25[1].0XE Infected: Trojan-Downloader.Win32.VB.abm skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\DEFENDER23[1].0XE Infected: Trojan-Downloader.Win32.VB.adw skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\DEFENDER24[2].0XE Infected: Trojan-Clicker.Win32.VB.ly skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\DEFENDER25[1].0XE Infected: Trojan-Downloader.Win32.Adload.bx skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\DRSMARTLOAD46A[1].0XE Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\DRSMARTLOAD[1].0XE Infected: Trojan-Downloader.Win32.Adload.bv skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ESCWFPDZ\NEWNAME23[1].0XE Infected: Trojan-Downloader.Win32.VB.adw skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LYHFJ5FM\DRSMARTLOAD849A[1].0XE Infected: Trojan-Downloader.Win32.Adload.bo skipped C:\KEYBOARD23.0XE Infected: Backdoor.Win32.VB.ary skipped C:\KEYBOARD25.0XE Infected: Trojan.Win32.StartPage.aju skipped C:\LSASS.0XE Infected: Trojan-Downloader.Win32.Adload.bq skipped C:\msdosmgr.exe/data.rar/mc-110-12-0000487.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\msdosmgr.exe/data.rar/mc-110-12-0000487.exe Infected: 
Trojan-Downloader.NSIS.Agent.u skipped C:\msdosmgr.exe/data.rar Infected: Trojan-Downloader.NSIS.Agent.u skipped C:\msdosmgr.exe RarSFX: infected - 3 skipped C:\NEWNAME23.0XE Infected: Trojan-Downloader.Win32.VB.adw skipped C:\NEWNAME25.0XE Infected: Trojan-Downloader.Win32.VB.abm skipped C:\Program Files\Norton AntiVirus\Quarantine\12AB6452.0 Infected: Trojan-Spy.Win32.Idly.c skipped C:\Program Files\Norton AntiVirus\Quarantine\4E5D2804.0 Infected: Trojan-Downloader.Win32.Small.wj skipped C:\Program Files\Norton AntiVirus\Quarantine\4FCE306E.0 Infected: Trojan-Dropper.Win32.Small.mr skipped C:\Program Files\Norton AntiVirus\Quarantine\54492976.0 Infected: Trojan-Downloader.Win32.Small.wj skipped C:\Program Files\Norton AntiVirus\Quarantine\55CF6D86.0 Infected: Trojan-Spy.Win32.Idly.c skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\012B2A72.0 Infected: Trojan-Downloader.Win32.Qoologic.t skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03335C96.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03360692.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\041F114F.0LL Infected: Trojan-Downloader.Win32.Envolo.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05F87120.0XE Infected: Trojan-Downloader.Win32.Intexp.c skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\068A7A69.0XE Infected: Trojan-Downloader.Win32.Delmed.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06F07071.0XE Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A203BAB.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B0F663A.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B472FFD.tmp Infected: 
3) HJT

Logfile of HijackThis v1.99.1
Scan saved at 6:36:52 AM, on 6/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe (file missing) |
| ||
| Re: MPTFT.EXE problem
Hi jd51edwin,

For some reason, Avenger is not able to delete those files. So, we have to delete them in Safe Mode manually. Before that, please download ATF Cleaner by Atribune.

Reboot to Safe Mode. Delete ALL these files:-
C:\COMPDIAG.0XE
C:\CORRUPTFIX.0XE
C:\DEFENDER23.0XE
C:\DEFENDER25.0XE
C:\DEFRAGSVC.0XE
C:\KEYBOARD23.0XE
C:\KEYBOARD25.0XE
C:\LSASS.0XE
C:\msdosmgr.exe
C:\NEWNAME23.0XE
C:\NEWNAME25.0XE
C:\SERVICES.0XE
C:\SVCHOST.0XE
C:\WINDOWS\DRSMARTLOAD45A.0XE
C:\WINDOWS\DRSMARTLOAD46A.0XE
C:\WINDOWS\DRSMARTLOAD849A.0XE
C:\WINDOWS\mc-110-12-0000487.exe
C:\WINDOWS\mc-110-12-0000488.exe
C:\WINDOWS\MSNUPDATE.0XE
C:\WINDOWS\OFFUN.0XE
C:\WINDOWS\system32\IBWJAQN.0XE
C:\WINDOWS\system32\mtnfc.dat
C:\WINDOWS\system32\NDXCHTY.0LL
C:\WINDOWS\system32\removefunc.ram
C:\WINDOWS\system32\XFPGP.0XE.bak
C:\WINDOWS\SYSTEM32SSEC.0XE
C:\WINDOWS\WMIAPSRV.0XE

Next, go to Start Menu > Run and type services.msc and press ENTER. Here, navigate to the service named and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".

Next, run HijackThis and remove these entries:-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser

Reboot to Normal Mode.

Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log. |
| ||
| Re: MPTFT.EXE problem
Hi swatkat.....I think the bugs are still there....here are the logs.....btw, in your last set of instructions you mentioned: "Next, go to Start Menu > Run and type services.msc and press ENTER. Here, navigate to the service named and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK". " But there were no files indicated so I thought that perhaps it was a typo??

1) Kaspersky scan log

KASPERSKY ON-LINE SCANNER REPORT
Thursday, June 08, 2006 9:33:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 9/06/2006
Kaspersky Anti-Virus database records: 187384

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer A:\ C:\ D:\ E:\ F:\

Scan Statistics
Total number of scanned objects 111327
Number of viruses found 60
Number of infected objects 200
Number of suspicious objects 0
Duration of the scan process 01:47:36
SystemWorks\Norton AntiVirus\Quarantine\0BC03611.0LL Infected: Trojan-Downloader.Win32.Qoologic.n skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BC03611.0XE Infected: Trojan-Downloader.Win32.Qoologic.n skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BC3600D.0LL Infected: Trojan-Downloader.Win32.Qoologic.n skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BC60A09.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BC60A09.exe NSIS: infected - 1 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BC60A09.exe CryptFF: infected - 1 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BD331FB.0XE Infected: Trojan-Downloader.Win32.Qoologic.x skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BDD2FF0.0LL Infected: Trojan-Downloader.Win32.IstBar.gen skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BDD2FF0.0XE Infected: Trojan-Dropper.Win32.Agent.rs skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CDC063F.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\10F237C5.0XE Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\176F7C9C.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17722699.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18394C7F.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A8A6651.0XE Infected: Trojan-Downloader.Win32.Qoologic.o skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B40094C.0XE Infected: Trojan-Dropper.Win32.Small.ht skipped C:\Program Files\Norton SystemWorks\Norton 
AntiVirus\Quarantine\1DDB1804.exe/data0002 Infected: Trojan.Win32.Registrator.b skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DDB1804.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DDB1804.exe NSIS: infected - 2 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DDB1804.exe CryptFF: infected - 2 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20754799.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20754799.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\213706B3.0LL Infected: Trojan-Clicker.Win32.Small.ez skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\213A30AF.0OM Infected: Trojan-Dropper.Win32.Agent.pb skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\213E5AAC.0XE Infected: Trojan-Downloader.Win32.Agent.qg skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\214104A8.0XE Infected: Trojan-Downloader.Win32.Agent.qg skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21442EA4.0XE Infected: Trojan.Win32.StartPage.nk skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\214758A1.0XE Infected: Trojan.Win32.StartPage.nk skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\214B029D.0XE Infected: Trojan-Downloader.Win32.Small.abd skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\214E2C9A.exe/data0002 Infected: Trojan.Win32.Registrator.b skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\214E2C9A.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\214E2C9A.exe NSIS: infected - 2 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\214E2C9A.exe CryptFF: 
infected - 2 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21515696.0LL Infected: Trojan-Downloader.Win32.Qoologic.t skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21622884.0XE Infected: Trojan-Downloader.Win32.Pacer.j skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21687C7D.0XE Infected: Trojan-Downloader.Win32.Pacer.j skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\216B2679.0XE Infected: Trojan-Downloader.Win32.Pacer.d skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\216F5076.0PL Infected: Trojan-Downloader.Win32.Qoologic.p skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2175246F.0LL Infected: Trojan-Downloader.Win32.Qoologic.p skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2175246F.0XE Infected: Trojan-Dropper.Win32.Small.qn skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\218C4A55.0XE Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21921E4E.0XE Infected: Trojan-Downloader.Win32.Small.abd skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2196484B.0XE Infected: Trojan-Downloader.Win32.Intexp.c skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2196484B.dat Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\231C7916.0XE Infected: Trojan-Downloader.Win32.Apropo.aj skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\275814CA.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\275814CA.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\275C3EC7.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\275C3EC7.0TM Infected: Exploit.HTML.Mht 
skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\275F68C3.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\275F68C3.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\276212BF.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27653CBC.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27653CBC.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\276966B8.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\276966B8.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\277938A6.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27866098.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27890A94.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27B75662.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27B75662.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27B75662.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27BA005E.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27BA005E.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\281617FA.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\283A65D2.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton 
AntiVirus\Quarantine\28615DA7.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\287B2D8A.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28852B80.tmp Infected: Trojan-Downloader.VBS.Psyme.v skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28C3493B.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A071A74.0XE Infected: Trojan.Win32.Crypt.t skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A514B85.0XE Infected: Trojan.Win32.Registrator.b skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A8E1BCE.0 Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A9145CA.0 Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A956FC6.0 Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2AA217B8.0XE Infected: Trojan-Downloader.Win32.Pacer.d skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2AA217B8.fr5 Infected: Trojan.Win32.Agent.db skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BF7410C.0 Infected: Trojan-Downloader.Win32.Qoologic.s skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DFB0DFB.0XE Infected: Backdoor.Win32.SdBot.aad skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Program Files\Norton SystemWorks\Norton 
AntiVirus\Quarantine\31D93E55.tmp ZIP: infected - 3 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.tmp CryptFF: infected - 3 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.zip ZIP: infected - 3 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31D93E55.zip CryptFF: infected - 3 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34CB6A64.exe/data0002 Infected: Trojan.Win32.Registrator.b skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34CB6A64.exe/data0003 Infected: Trojan-Downloader.Win32.Small.aly skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34CB6A64.exe NSIS: infected - 2 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34CB6A64.exe CryptFF: infected - 2 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35BF752A.0YS Infected: Trojan.Win32.Kolweb.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35F43546.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38EB7B4B.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3C311A23.0XE Infected: Backdoor.Win32.SdBot.aad skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D53662C.0LL Infected: Trojan.Win32.Kolweb.d skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6E72C5.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton 
SystemWorks\Norton AntiVirus\Quarantine\3D6E72C5.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D711CC2.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D711CC2.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D7446BE.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E1E4E03.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E573350.0XE Infected: Trojan.Win32.Kolweb.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E7D0F9B.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E8A378D.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F2A40DD.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F93006A.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F995462.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40F760E2.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40FA0ADE.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41005ED7.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41242CB0.tmp Infected: Trojan-Downloader.VBS.Psyme.x skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\412756AC.tmp Infected: Trojan-Downloader.VBS.Psyme.x skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41281271.0XE Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4A9E7FF8.0XE 
Infected: Trojan.Win32.Kolweb.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4AAB27EA.0XE Infected: Trojan.Win32.Pakes skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4AAE51E6.0LL Infected: Trojan.Win32.Kolweb.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4AAE51E6.0XE Infected: Trojan-Downloader.Win32.Apropo.t skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4C525868.0XE Infected: Trojan-Dropper.Win32.Small.qn skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\50DA393D.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\562633DC.0XE Infected: Trojan-Downloader.Win32.VB.jq skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\639F5F0A.0XE Infected: Trojan-Downloader.Win32.Agent.am skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63D9466D.0XE Infected: Trojan-Downloader.Win32.Pacer.j skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66E91A02.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\67133BD4.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A6B0951.0XE Infected: Trojan-Downloader.Win32.Agent.oa skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6BBB4E8B.0XE Infected: Trojan-Downloader.Win32.VB.jq skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D7648C6.0XE Infected: Trojan.Win32.Registrator.b skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EC30357.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EC62D54.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EEA7B2C.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton 
AntiVirus\Quarantine\6F9B7225.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F9E1C22.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FB5264D.0 Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70482367.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70724538.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70896B1F.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70936914.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70E82CB7.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\714D4247.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\71711020.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\71743A1C.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\71C87554.0XE Infected: Trojan-Downloader.Win32.IstBar.lh skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72DC5EE6.0LL Infected: Trojan.Win32.Delf.cf skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72DC5EE6.0YS Infected: Trojan.Win32.Kolweb.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72DF08E2.0XE Infected: Trojan.Win32.Kolweb.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72DF08E2.0YS Infected: Trojan.Win32.Kolweb.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74602D2A.0XE Infected: Trojan.Win32.Registrator.b skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74F96281.0XE Infected: 
Trojan.Win32.Registrator.b skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7738114A.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7738114A.exe NSIS: infected - 1 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7738114A.exe CryptFF: infected - 1 skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\795F28F6.0XE Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A673522.0 Infected: Trojan-Downloader.Win32.Qoologic.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A673522.0XE Infected: Trojan-Downloader.Win32.Pacer.j skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A934863.0XE Infected: Trojan-Downloader.Win32.Delmed.a skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AC11508.0XE Infected: Trojan.Win32.Agent.ay skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7ADE43C0.0TM Infected: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AF93E6A.0XE Infected: Trojan-Downloader.Win32.Pacer.d skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D583153.0XE Infected: Trojan.Win32.StartPage.acx skipped Scan process completed. 
2) HJT : Logfile of HijackThis v1.99.1 Scan saved at 9:37:10 PM, on 6/8/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - 
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program 
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - 
http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINDOWS\wmiapsrv.exe (file missing) |