Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problem saving HJT file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Is there a version of HijackThis earlier than 1.99

Unread postby Jason R » July 5th, 2006, 1:42 am

I cannot save a file log, I highlighted one of the files and it said to try and find an earlier version of revert to hijackthis 1.98.2 or another pre 1.99 to complete scanning. Does anyone know what I should do?
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am
Advertisement
Register to Remove

Problem saving HJT file

Unread postby Jason R » July 5th, 2006, 1:35 pm

OK, so I have posted two times asking for help and no replies, although it looks like quite a few views. I am new to this, and do not understand why others are being replied to, but not me. Is there some protocol that I am missing? I could really use some help as my computer is obviously infected or disrupted by something that all the spyware available cant fix. Thank you in advance for any help you can offer.
Jason R
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am

Unread postby 'KotaGuy » July 5th, 2006, 2:30 pm

Hi Jason.

Could you try renaming HijackThis.exe to HJT.exe. Then run the program and see if that helps with saving a logfile you can post.

I am going to lock/move your other two topics.

Thanks.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Jason R » July 5th, 2006, 11:16 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:21:39 PM, on 7/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\MXOALDR.EXE
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINNT\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Hijackthis\HJT.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {05434F01-0A81-FCCE-0B3F-41CAEC58575C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7C74B436-BE7C-4015-8B56-523C7B698FC9} - C:\WINNT\system32\geebx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows32] lsasss.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\PROGRA~1\EPSON\INKMON~1\InkMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [wingo] C:\WINNT\system32\wingo.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINNT\system32\winsystems.exe
O4 - HKCU\..\Run: [Microsoft Video Capture Controls] wucaultz.exe
O4 - HKCU\..\Run: [DivX Updater] C:\WINNT\system32\DivX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Anti Eq] C:\DOCUME~1\JASONR~1\APPLIC~1\TRUSTA~1\dash dumb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/Client ... cedCAB.CAB
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/c ... blt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/10280b2 ... 210_35.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/w ... 0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.game ... _0_0_2.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://weddingchannel.kodakgallery.com/ ... ofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O20 - Winlogon Notify: geebx - C:\WINNT\system32\geebx.dll
O20 - Winlogon Notify: winjvd32 - C:\WINNT\SYSTEM32\winjvd32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am

Unread postby Jason R » July 5th, 2006, 11:19 pm

Thank you that helped me save it. Here is my HJT.exe logfile Can you please take a look at it and direct me on what actions to take. My computer is running VERY slow. Thank you in advance for your assistance.
Jason
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am

Unread postby 'KotaGuy » July 5th, 2006, 11:59 pm

Heh... not surprised you were having issues with getting HijackThis to run properly with what you've got in your log.

See some nasty stuff in it.

Can I get you to run HijackThis. Click the Misc Tools button. Then the Uninstall Manager button. Then the Save List button and save it to your Desktop.

Post that list in your next reply please.

Thanks.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Jason R » July 6th, 2006, 12:23 am

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 7.0.7
Ahead Nero Burning ROM
ArcSoft Camera Suite
aspi
Audible Download Manager
Canon Camera TWAIN Driver 6.0
Canon Camera Window for ZoomBrowser EX
Canon MultiPASS Suite 3.20
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CC_ccProxyMSI
CC_ccStart
ccCommon
CCHelp
CCScore
DC++ 0.686
EPSON Printer Software
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSstore
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-spyware 4.0
EXEtender Player
Film Factory Lite
FixTunes (remove only)
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for MDAC 2.80 (KB911562)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
Ink Monitor
Internet Explorer Q903235
iPod for Windows 2005-09-23
iPod Software 1.3 Updater
iPod System Software Updater 2.0.1
iPod Updater 2004-11-15
IrfanView (remove only)
iTunes
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Luxor
Macromedia Flash Player 8
Macromedia Shockwave Player
Master Unit
Maxtor OneTouch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 SR-1 Small Business
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft VGX Q833989
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
MSRedist
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton AntiVirus Parent MSI
Norton CleanSweep
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton SystemWorks 2004 Professional
Norton SystemWorks 2004 Professional (Symantec Corporation)
Norton Utilities
Norton WMI Update
Notifier
NSW_DRM_COLLECTION
NVIDIA Audio Driver
NVIDIA Display Driver
OTtBP
PCDJ FX VRM
PCDLNCH
Photo Loader 2.1E
Photohands 1.0E
QuickTime
Retrospect Express HD 1.0
RocketControl 2.2
Security Update for Windows 2000 (KB904706)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
SFR
SFR2
Soulseek Client 152
SoulSeek Client 156c
Sound Blaster Live! Value
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
Symantec Script Blocking Installer
Tag&Rename 3.1.7
TeLL me More
TextBridge Pro 8.0
Update Rollup 1 for Windows 2000 SP4
USB CASIO Digital Camera Device Driver
USB Storage Adapter FX (MXO)
Verizon Online Support Center
Virtual DJ - Atomix Productions
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix (SP5) Q818043
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
Zuma Deluxe 1.0
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am

Unread postby 'KotaGuy » July 6th, 2006, 12:52 am

OK... not seeing anything in the list that jumps out at me or comes back as bad. Let me know if there is anything in there that you do not recognize please.

If it all seems ok to you we'll start with the fixing :D
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Jason R » July 6th, 2006, 12:58 am

Im ready to fix if you are. Lets give it a try. Thank you.
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am

Unread postby 'KotaGuy » July 6th, 2006, 1:26 am

OK!

Print this out or reference during the fix as for part of you won't be able to access the 'net.

Download the Sasser Removal Tool. Open SASSGUI, run it, then click GO.

Download and install CCleaner. You don't need to install the Yahoo! Toolbar. Don't run the program yet.

Run and scan with HijackThis. Place checks beside the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {05434F01-0A81-FCCE-0B3F-41CAEC58575C} - (no file)
O2 - BHO: (no name) - {7C74B436-BE7C-4015-8B56-523C7B698FC9} - C:\WINNT\system32\geebx.dll
O4 - HKLM\..\Run: [Windows32] lsasss.exe
O4 - HKCU\..\Run: [wingo] C:\WINNT\system32\wingo.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINNT\system32\winsystems.exe
O4 - HKCU\..\Run: [Microsoft Video Capture Controls] wucaultz.exe
O4 - HKCU\..\Run: [DivX Updater] C:\WINNT\system32\DivX.Exe
O4 - HKCU\..\Run: [Anti Eq] C:\DOCUME~1\JASONR~1\APPLIC~1\TRUSTA~1\dash dumb.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/10280b2 ... 210_35.exe
O20 - Winlogon Notify: geebx - C:\WINNT\system32\geebx.dll
O20 - Winlogon Notify: winjvd32 - C:\WINNT\SYSTEM32\winjvd32.dll


Close all open Windows/Browsers and click the Fix button.

Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Make sure no files will be hidden. To do this:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Search for and delete this folder:

C:\DOCUME~1\JASONR~1\APPLIC~1\TRUSTA~1

Search for and delete these files:

C:\WINNT\system32\wingo.exe
C:\WINNT\system32\winsystems.exe
C:\WINNT\system32\geebx.dll
C:\WINNT\SYSTEM32\winjvd32.dll

Press the Windows Key+F to bring up Windows Search. Click All Files and Folder. Click More Advanced Options and make sure the first three boxes are checked. Then enter wucaultz.exe in the All or part of the Filename text field and click the Search button. Delete it if found. Do the same for lsasss.exe

Run CCleaner. Let it clean what it needs to. Then run Ewido through a full scan and save the log to your Desktop.

Reboot Windows normally and post the Ewido log along with a new HijackThis log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Jason R » July 6th, 2006, 2:52 am

Sasser removal didnt find anything
Computer would not boot in safe mode using f8, had to use msconfig
Could not find Folder or files to delete
Ewido would not start in safe mode
Here is current HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:55:39 PM, on 7/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\MXOALDR.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINNT\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Hijackthis\HJT.exe.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A74DCBE5-3FF0-4C47-9CDA-AAF00D2F0492} - C:\WINNT\system32\geebx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\PROGRA~1\EPSON\INKMON~1\InkMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/Client ... cedCAB.CAB
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/c ... blt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/w ... 0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.game ... _0_0_2.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://weddingchannel.kodakgallery.com/ ... ofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O20 - Winlogon Notify: geebx - C:\WINNT\system32\geebx.dll
O20 - Winlogon Notify: winjvd32 - C:\WINNT\SYSTEM32\winjvd32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am

Unread postby 'KotaGuy » July 6th, 2006, 3:43 am

OK...

Do a scan with Ewido while Windows is booted normally. Save the log to your Desktop.

Then do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.


Post the Ewido log, KAV log, and a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Jason R » July 6th, 2006, 7:19 pm

Logfile of HijackThis v1.99.1
Scan saved at 4:27:17 PM, on 7/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\MXOALDR.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINNT\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Hijackthis\HJT.exe.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A34BC20-1052-4575-988A-2E392C9E29FC} - C:\WINNT\system32\geebx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\PROGRA~1\EPSON\INKMON~1\InkMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/Client ... cedCAB.CAB
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/c ... blt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/w ... 0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.game ... _0_0_2.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://weddingchannel.kodakgallery.com/ ... ofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O20 - Winlogon Notify: geebx - C:\WINNT\system32\geebx.dll
O20 - Winlogon Notify: winjvd32 - C:\WINNT\SYSTEM32\winjvd32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


KASPERSKY ONLINE SCANNER REPORT
Thursday, July 06, 2006 3:28:36 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/07/2006
Kaspersky Anti-Virus database records: 205203


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 46863
Number of viruses found 42
Number of infected objects 557 / 0
Number of suspicious objects 2
Duration of the scan process 00:47:37

Infected Object Name Virus Name Last Action
C:\20041806_223552_Jason Rucker\C\WINNT\Temp\Altnet\mysearch.cab.nco/20041806_223552_Jason Rucker/C/WINNT/Temp/Altnet/mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.j skipped

C:\20041806_223552_Jason Rucker\C\WINNT\Temp\Altnet\mysearch.cab.nco/20041806_223552_Jason Rucker/C/WINNT/Temp/Altnet/mysearch.cab Infected: not-a-virus:AdWare.Win32.MyWay.j skipped

C:\20041806_223552_Jason Rucker\C\WINNT\Temp\Altnet\mysearch.cab.nco ZIP: infected - 2 skipped

C:\20041806_223552_Jason Rucker\C\WINNT\Temp\Altnet\pmexe.cab.nco/20041806_223552_Jason Rucker/C/WINNT/Temp/Altnet/pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped

C:\20041806_223552_Jason Rucker\C\WINNT\Temp\Altnet\pmexe.cab.nco/20041806_223552_Jason Rucker/C/WINNT/Temp/Altnet/pmexe.cab Infected: not-a-virus:AdWare.Win32.Altnet.h skipped

C:\20041806_223552_Jason Rucker\C\WINNT\Temp\Altnet\pmexe.cab.nco ZIP: infected - 2 skipped

C:\abcxx.chm/on-line.exe Infected: Trojan.Win32.Dialer.ce skipped

C:\abcxx.chm CHM: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07042006-231606.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-07-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jason Rucker\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jason Rucker\Desktop\sitehound_141.exe/data0016 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Documents and Settings\Jason Rucker\Desktop\sitehound_141.exe NSIS: infected - 1 skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\ApplicationHistory\RetroExpress.exe.ef08464a.ini.inuse Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B630B12C-A509-464F-BE6B-06493A4BF281} Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\History\History.IE5\MSHist012006070620060707\index.dat Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Temp\me_4746rdoqTVC4a8h Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Temp\me_ca7eEUR3aOhilkS Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Temp\me_FjnilVSQZMtsi5x Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Temp\me_VaQbG4sYOH1KS07 Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Temp\~DF2238.tmp Object is locked skipped

C:\Documents and Settings\Jason Rucker\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jason Rucker\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Jason Rucker\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\Antispam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\FireTrust\SiteHound\uninst.exe/data0005 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\FireTrust\SiteHound\uninst.exe NSIS: infected - 1 skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\AVApp.log Object is locked skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\AVError.log Object is locked skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\002719BF.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\004D1C8A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\00B76A57.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\011E7984.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\01632B86.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\016E4C3C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\01822918.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\01B63A4E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\01B9433C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\01BD391D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\01BD391D.scr Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\026979FB/[From swaltermaui@aol.com][Date Fri, 08 Jul 2005 06:19:35 -0700]/mail21788.pif Infected: Email-Worm.Win32.NetSky.r skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\026979FB Mail: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\026979FB CryptFF: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\02B50A46.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\02D656EE.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\02DF0959.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\02E30E02.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\046143AB.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\04903EFB.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\04B32A36.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\05CD6BC7.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\061E7722.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\06672E88.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\06B71312.exe Infected: Trojan-Downloader.Win32.WebDown.10 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\07837F22.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\07EE1B71.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\084F6B31.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\08994764.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\089C0B91.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\08AA5773.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\08B56138.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\08E717E8.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\091B5740.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\098F3908.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\09CD6192.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0AB4135A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0B1023F4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0B48132E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0BD142B7.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0CD3572C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0D007AEF.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0D0412A9.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0D2D1364.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0D3D2379.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0D870084.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0D97127D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0DAB1DA8.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E1E4524.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E2B1251.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E590DC9.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E6318ED.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E85723A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E994E9A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EBF1225.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0F087DEA.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0F5311F9.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0F9960BE.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0FB91960.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0FE711CD.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\10AE6560.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\110F1175.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\113045CC.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1174099A.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\123075F0.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\12A534F5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\13133B20.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\135F10C5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\13793128.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\13DF272F.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14161001.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\141F2747.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14461D37.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14A75280.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14AC133E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14C50022.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15737043.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15FD77A9 Infected: not-a-virus:AdWare.Win32.Altnet.b skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16420FE9.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\164A03E8.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\164F1F3B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16D60FBD.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16D96B5B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\173F504E.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1765316E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\178F692E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\17FE0F64.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\18A1638D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\19260F0C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\194D12F8.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\195047EB.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\19B90EE0.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\19D717B4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A4D0EB4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A82025A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A8D7AB6.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1AE10E88.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1B30727B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1B750E5C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1BC7247C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1C090E30.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1D310DD8.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1D3A3CD8.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1DC50DAC.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1DFA3D57.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1E590D80.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1E961F9A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1EA434CD Infected: not-a-virus:AdWare.Win32.Lop.bc skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1EA75EC9 Infected: not-a-virus:AdWare.Win32.Lop.bb skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1EED0D54.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1F0A6D26.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1F7051B0.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1F70632E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1F7E7D95.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1F810D28.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FD65935.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FD74754.exe Infected: Trojan-Proxy.Win32.Mitglieder.ck skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20140CFC.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\203A7FE0.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\203C4F3D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\203F0492.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\207119E7.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20A80CD0.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20ED74B3.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\213C0CA4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\219C64D4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\21D00C78.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\22640C4C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\226B4FDA.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\22CE6F00.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\22E87677.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\238C0BF4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\239712F9.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\24200BC8.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\24B40B9B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\251A0F53.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25480B6F.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25906A45.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25DC0B43.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\260B2CDB.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\26AA76EB.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27030AEB.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27334A84.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2759670B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27916BE3.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27970ABF.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27A75E27.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\281745A2.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\282B0A93.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\28BF0A67.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\28E661D9.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\29005B3B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2A084873.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2A34331D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2A9A2925.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2B001F2D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2B0D5CDE.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2B487305.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2B661534.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2B817D0E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2BB82955.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2BCC0B3C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2C337498.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2C4842FD.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2C677923.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D085087.htm Infected: Exploit.VBS.Phel.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D166943.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D4712F5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2DC45964.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2E4662ED.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2EB13DDF.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2F1D280D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2F4532E5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2FA4367F.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2FC87484.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2FDF1B94.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2FE15F09.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30353349.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\304402DD.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\308B4AFF.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30E356BA.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30EB57B3/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30EB57B3 CAB: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30EB57B3 CryptFF: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\314352D5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\318E2020.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\324322CD.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\32D36B7B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\32F263DF.exe Infected: Trojan-Proxy.Win32.Mitglieder.ck skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\32F60DDB.exe Infected: Trojan-Proxy.Win32.Mitglieder.ck skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\33147866.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\334272C4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\335A334B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\33815B9C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\33D93FB2.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\34391B2F.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\344142BC.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3463655E/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3463655E NSIS: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3463655E CryptFF: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\34EE3D44.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\354012B4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\35D10FDB.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\362A6524.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\363F62AC.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\364A4F5E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36905B2B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36C262D7.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36D725D2.exe Infected: Trojan-Proxy.Win32.Mitglieder.ck skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36F75133.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\373F32A4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\375D473A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37D20A6D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\380428B6.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\383E029C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38906DB3.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\38E45B57.exe Infected: P2P-Worm.Win32.Tibick.d skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\393D5294.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\393E5DD4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39BA7385.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39BE18F1.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39ED4DF5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A3324BE.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A3C228B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A4F2369.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A7B0546.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B265891.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B3B7283.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B607714.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3BFF1B27.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C196D28.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3CF261D7.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3D302C5F Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3D3A1273.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3DA466A5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3F247AB2.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3F383263.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3FAA502D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4037025B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\40B56DB4.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4114288C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\41365252.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\414A2C4F.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\414C4D66.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\419B5742.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\41BB2122.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4221172A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4236224A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\42870D31.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\428752F8.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\42CD02F8.exe Infected: Trojan-Downloader.Win32.Zlob.py skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\42E2069E.exe Infected: Trojan-Proxy.Win32.Mitglieder.cj skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\42ED0339.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\42F63C96.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\43357242.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4340490C.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\43537940.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\43537940.scr Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\441233D2.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4434423A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\44856A73.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\44A723AD.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\44B86244.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\45675265.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\45B0258C.htm Infected: Exploit.VBS.Phel.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\45DE025E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\45F17937.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\46444CAE.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\46785E1D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\470B06EE.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\47BF3E88 Infected: Trojan-Downloader.Win32.IstBar.ff skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\48886FE5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\48BB293E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\48D60411.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4B3205CE.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4BD244BE.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4C101B18 Infected: not-a-virus:AdWare.Win32.Lop.bc skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4C3712ED.tmp Infected: Trojan-Downloader.Win32.Zlob.wt skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4C4764DB.exe Infected: Trojan-Clicker.Win32.Small.kx skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4C51216C.exe Infected: Trojan-Proxy.Win32.Mitglieder.ck skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4CAF591E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4D4B5D21.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4D641EAA.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4E174930.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4E7D3F38.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4EE4353F.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4FDB7B3A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4FEF317A.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\50E156D5.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\50F71A6D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\518F46F6.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\523E3716.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5247720F.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\525357CA.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52851A99.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52B730FB Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\533D532E.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\53C82BF9.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\548570A6.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54B9713F.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54B9713F.scr Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54BD1B3B.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54BD1B3B.scr Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C04537.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C36F34.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C36F34.scr Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/cmdnet.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/displays.dll Infected: Backdoor.IRC.Ledor skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/displaystwo.dll Infected: Backdoor.IRC.Ledor skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/lsasss.exe Infected: Backdoor.Win32.mIRC-based skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/re.bat Infected: Trojan.BAT.Zapchast skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/Secure.bat Infected: Trojan.BAT.NoShare.o skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/sendwin.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/sys_bat.bat Infected: Trojan.BAT.Passer.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/wind.dll Infected: Backdoor.IRC.Ledor skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr/xfilex.exe Infected: Trojan-Downloader.Win32.WebDown.10 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr CAB: infected - 10 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54C61930.scr CryptFF: infected - 10 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54CA432D.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54CD6D29.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54CD6D29.scr Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54D01726.exe Infected: Email-Worm.Win32.Bagle.au skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54D34122.exe Infect
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am

Unread postby 'KotaGuy » July 6th, 2006, 7:24 pm

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Jason R » July 6th, 2006, 8:03 pm

Vundofix never re-opens after clicking OK.
Jason R
Regular Member
 
Posts: 23
Joined: July 5th, 2006, 12:48 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 300 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware