

Spyware infection! Please review my HJT logfile

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HJT log and other data

Post by arqa » January 31st, 2006, 10:55 pm

Hello Kim,

Thanks for your message. It's strange that I didn't get
an e-mail alert of your post...
Here are the results:

REGEDIT4
; Registry Search by Bobbi Flekman
; Version: 1.0.2.1

; Results at 1/31/2006 9:24:09 PM for strings:
; 'contextplus '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

-----------------------------------------------------------
-----------------------------------------------------------

StartupList report, 1/31/2006, 9:36:27 PM
StartupList version: 1.52.2
Started from : C:\HJT\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\REGSEARCH\REGSEARCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
EnsoniqMixer = starter.exe
POINTER = point32.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
msnappau = "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
vptray = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
BrowserUpdateSched = C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
AolAcsDaemon1 = "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
rtvscn95 = C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
defwatch = C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
TmPfw =
PcCtlCom = C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[PerUser_CVT_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_HNW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[PerUser_moviemaker] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[SamplerPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_PCHealth] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[PerUser_Enable_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_ZoneGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_PBGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_Sysmon_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_netwatch_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Onlinelnks_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[OlsAolPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsAttPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsProdigyPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsEarthlinkPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf

[Shell3PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf

[PerUser_Preptool] *
StubPath = rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF

[^RNA] *
StubPath = rundll rnasetup.dll,installoptionalcomponent rna

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\LEONAR~2.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 22/1/2006, 21:56:34)

[Rename]
NUL=C:\WINDOWS\VMMHIBER.W9X
NUL=C:\WINDOWS\CERES.DLL
NUL=C:\WINDOWS\SYSRES.EXE
NUL=C:\WINDOWS\RU.EXE
NUL=C:\WINDOWS\DEL.TMP
NUL=C:\WINDOWS\MTUNINST.EXE
NUL=C:\WINDOWS\WHCC-G~1.EXE
NUL=C:\WINDOWS\IMGGA.EXE
NUL=C:\WINDOWS\SYSTEM\MDACRDME.HTM
NUL=C:\WINDOWS\SYSTEM\DKDRG56X.DLL
NUL=C:\WINDOWS\SYSTEM\CTYPT32.DLL
NUL=C:\WINDOWS\SYSTEM\MDDOCS.DLL
NUL=C:\WINDOWS\SYSTEM\GMV2K100.INI
NUL=C:\WINDOWS\SYSTEM\GMV2K100.INI
NUL=C:\WINDOWS\SYSTEM\SAIE_KYF.DAT
NUL=C:\WINDOWS\SYSTEM\QDOLE.DLL
NUL=C:\WINDOWS\SYSTEM\GRKCFF31.INI
NUL=C:\WINDOWS\SYSTEM\3RT92A4I.INI
NUL=C:\WINDOWS\SYSTEM\MH9LB9O1.INI
NUL=C:\WINDOWS\SYSTEM\MSCLOC~1.DLL
NUL=C:\WINDOWS\SYSTEM\MSPLG.JPG
NUL=C:\WINDOWS\SYSTEM\RIDE50~1.EXE
NUL=C:\WINDOWS\SYSTEM\VVXIXBK1.XML
NUL=C:\WINDOWS\SYSTEM\9R6G27RD.INI
NUL=C:\WINDOWS\SYSTEM\VVXIXBK1.XML
NUL=C:\WINDOWS\SYSTEM\1GIC91U5.INI
NUL=C:\WINDOWS\SYSTEM\BTWS.EXE
NUL=C:\WINDOWS\SYSTEM\OVAL73H.J9R
NUL=C:\WINDOWS\SYSTEM\EOL.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\COMMON~1\AUTODE~1

--------------------------------------------------

C:\CONFIG.SYS listing:

*File is empty*

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

echo off
REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.
REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE
LH C:\PROGRA~1\MICROS~8\MOUSE\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/C ... 8010300926

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\SYSTEM\KASPERSKY LAB\KASPERSKY ON-LINE SCANNER\KAVWEBSCAN.DLL
CODEBASE = http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab

[WScanCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBSCAN.DLL
CODEBASE = http://www3.ca.com/securityadvisor/viru ... ebscan.cab

[{17492023-C23A-453E-A040-C7C580BBF700}]
CODEBASE = http://go.microsoft.com/fwlink/?linkid=48835

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
VPOWERD: *VPOWERD
NDIS: ndis.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *MTRR
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VNETBIOS: vnetbios.vxd
VREDIR: vredir.vxd
DFS: dfs.vxd
NDISWAN: ndiswan.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

CTYRIA = C:\WINDOWS\SYSTEM\CTYRIA.exe
D3DDER = C:\WINDOWS\SYSTEM\D3DDER.exe
MSRFOX = C:\WINDOWS\SYSTEM\MSRFOX.exe
CLOUDSIM = C:\WINDOWS\SYSTEM\CLOUDSIM.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 28,204 bytes
Report generated in 0.520 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

-----------------------
-----------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:40:58 PM, on 1/31/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\REGSEARCH\REGSEARCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=48835


----------------------
----------------------
I tried to Run SYSEDIT but Windows couldn't find it...
I opened C:\WINDOWS\WIN.INI thru Search

[windows]
SkipMouseRedetect=0
load=
run=
NullPort=None
device=CAPTURE FAX BVRP,Bvrpwfu,FAX BVRP:

[Desktop]
Wallpaper=C:\WINDOWS\SETUP.BMP
TileWallpaper=0
WallpaperStyle=2
Pattern=(None)

[intl]
iCountry=1
ICurrDigits=2
iCurrency=0
iDate=0
iDigits=2
iLZero=1
iMeasure=1
iNegCurr=0
iTime=0
iTLZero=0
s1159=AM
s2359=PM
sCountry=United States
sCurrency=$
sDate=/
sDecimal=.
sLanguage=enu
sList=,
sLongDate=dddd, MMMM dd, yyyy
sShortDate=M/d/yyyy
sThousand=,
sTime=:

[fonts]

[FontSubstitutes]
Helv=MS Sans Serif
Tms Rmn=MS Serif
Times=Times New Roman
Helvetica=Arial
MS Shell Dlg=MS Sans Serif

[Compatibility]
_3DPC=0x00400000
_BNOTES=0x224000
_LNOTES=0x00100000
ACAD=0x8000
ACT!=0x400004
ACROBAT=0x04000000
AD=0x10000000
ADW30=0x10000000
ALARMMGR=0x0040000
ALDSETUP=0x00400000
AMIPRINT=0x04000000
AMIPRO=0x04000010
APORIA=0x0100
APPROACH=0x0004
BALER=0x08000000
BMAPP=0x0004
CASMONEY=0x00200000
CAVOIDE=0x00200000
CCMAIL=0x00200000
CCMCWFY=0x80
CHARISMA=0x2000
CONFIG=0x00400000
CORELDRW=0x48000
CORELPNT=0x08000000
COSTAR=0x0004
CP=0x0040
CROSSTIE=0x00000400
DARCH=0x80
DESIGNER=0x00002000
DIRECTOR=0x00800000
DPLANNER=0x00200000
DRAW=0x2000
DS40=0x8000
DTWIN20=0x00000400
EAP=0x0004
ED=0x00010000
EXCEL=0x1000
EXPASTRO=0x04000000
EXTYPWND=0x00200000
FAXVIEW=0x04000000
FAXWORKS=0x00000400
FH4=0x00E08000
FLW2=0x8000
FMPRO=0x00200000
FREEHAND=0x8000
FULLTEXT=0x20000000
GIFTMAKE=0x20000000
GUIDE=0x1000
HDW=0x04800000
HGW=0x8000
HGW2EXE=0x8000
HGW3EXE=0x8000
HPOLNK08=0x00400000
HJDRAW=0x00400000
IDAPICFG=0x00400000
IDRAW=0x04008000
ILLUSTRATOR=0x8000
IMPROV2=0x00000000
INFOCENT=0x04000000
INSIGHT=0x00000400
INSTAL1=0x00400000
INSTALL=0x00400000
INTERMIS=0x10000000
IS20INST=0x00000000
IVIHEALT=0x00400000
JEOPARDY=0x00200000
JW=0x00000000
KALOAD2=0x00400000
KEYCAD=0x8000
LE_ADMIN=0x00400000
LUI=0x20000000
MAILSPL=0x10000000
MAKER=0x00200000
MAPS1=0x04008022
MATH=0x00000001
MAVIS=0x00200000
MCOURIER=0x0800
MFWIN20=0x02000000
MILESV3=0x1000
MILESV40=0x4
MOZART=0x40000000
MSARTIST=0x00100000
MSBHUMAN=0x4
MSREMIND=0x10000000
MVIEWER2=0x40200000
MYINV=0x00200000
MYST=0x08000000
NAFTA1=0x4008022
NBAMW4V4=0x04000000
NETSET2=0x0100
NDITEST=0x00400000
NOTES=0x200000
NOTSHELL=0x0001
OPERATOR=0x02000000
OUTPOST=0x00000000
OWLAPP=0x00400000
PACKRAT=0x0800
PAINTER=0x00000000
PAWC8DC3=0x00400000
PAWIN=0x4
PEACHW=0x04800004
PIXIE=0x0040
PLANIT=0x0004
PLANNER=0x2000
PLUS=0x1000
PM4=0xA000
PM5APP=0x8000
PP4=0x00000000
PR2=0x2000
PRINTHLP=0x0004
QAPLUSW=0x0004
QLIIFAX=0x00400000
QUAKE=0x80
QW=0x08000000
RELAY=0x20000000
REM=0x8022
RR2CD=0x00200000
RX=0x00000400
RXL=0x00000400
SETUP=0x00000000
SIDEKICK=0x0004
SLEEPER=0x10000000
SOL=0x00400000
SPCB=0x04008000
SPORTJEP=0x00200000
SPWIN20=0x00400000
ST2=0x4008022
STRAUSS=0x40000000
STRAV=0x40000000
SCHUBERT=0x40000000
SSBWIN=0x00200000
SWCWIN=0x00800004
TCVWIN=0x00200000
TCW=0x00400000
TCWIN=0x0004
TERRAIN=0x00400000
TISETUP=0x00200000
TL6=0x08000000
TME=0x0100
TMSWIN=0x20000000
TMTWIN=0x00200000
TMTWINCD=0x00200000
TOUCHUP=0x00400000
TURBOTAX=0x00080000
UNWISE=0x00400000
VB=0x0200
VEWINFIL=0x00400000
VISIO=0x00000004
VISIOHM=0x00000004
VISION=0x0040
W4GL=0x4000
W4GLR=0x4000
WGW=0x00440000
WIN2WRS=0x1210
WINCIM=0x4
WINLINK=0x20000000
WINPHONE=0x0004
WINSIM=0x2000
WINTACH=0x00200000
WORDSCAN=0x02200000
WPWINFIL=0x00000006
WPWIN60=0x00000400
WPWIN61=0x02000400
WSETUP=0x00200000
XPRESS=0x00000008
ZETA01=0x00400000
ZIFFBOOK=0x00200000
NOTIFIER=0x400000

[Compatibility32]
CLWORKS=0x00A00000
MCAD=0x00600000
PHOTOSHP=0x00208000
PODW=0x00200000
SPSSWIN=0x00200000
TYPSTRY2=0x00200000
V32VM20=0x02000000
VISIO=0x00000000
VISIOHM=0x00000000
WINPHONE=0x00000004
WRDART32=0x00400000
SHELL=0x80000000
USTATION=0x80000000
Juno=0x00000002

[Compatibility95]
_INS0432=0x00080000
_INS5176=0x00080000
_INS576=0x00080000
_INS5576=0x00080000
ASEDIT=0x00080000
ASAUDIO=0x00080000
ASCAMERA=0x00080000
ASVIDEO=0x00080000
ASVOICE=0x00080000
BLUELIGH=0x00080000
FREEICLI=0x00080000
HPFIUI=0x00080000
LAPLINK=0x00080000
LAUNCH=0x00080000
LEXBCES=0x00080000
MNGREG32=0x00080000
MOTODV=0x00080000
POINT32=0x00000002
SA6REG=0x00080000
SETUP=0x00080000
SETUP2=0x00080000
WEBEX=0x00100000
CHAOS OV=0x80000000
CONF=0x00000002
MSDEV=0x00000002
IMAGE32=0x80000000
INST32=0x80000000
AGENTSVR=0x00000002
MSOOBE=0x00000002
Juno=0x00000002

[ModuleCompatibility]
ACEROOBE=0x0004
AIRNFM=0x0002
ALDNCD=0x0002
AMRES=0x0002
ATM=0x0002
ARCHANGEL=0x0002
CSNOV=0x0002
DEFDEMO=0x0002
DIBWND=0x0002
DIB=0x0002
DS=0x0001
EMLIB=0x0002
EMSAVE=0x0002
FH4=0x0002
GEDIT=0x0002
GEORGE=0x0002
GVBSETUP=0x0002
HRWCD=0x0002
ISLFAXPR=0x0002
KIDDESK=0x0002
KIDSTYPE=0x0000
KNPS=0x0002
LIONKING=0x0002
MAUI_DRV=0x0002
MGXWMF=0x0002
MEMMAP=0x0002
MSARTIST=0x0002
MSCRWRTR=0x0002
MSCUISTF=0x0001
MVIEWER2=0x0002
MWAVSCAN=0x0002
MYINV=0x0002
OLESVR=0x0002
PDOXWIN=0x0002
PLANIT=0x0002
PP3=0x0002
PP4=0x0002
PPPP=0x0002
PXDSRV2=0x0002
REVIEWRT=0x0002
ROULETTE=0x0002
RRIRJ=0x0002
RR1=0x0002
RR2CD=0x0002
STL_DLG=0x0002
TECO=0x0001
TER=0x0002
TLW0LOC=0x0002
TMSWIN=0x0002
USA=0x0002
VOICE=0x0002
WFXVIEW=0x0004
WINFORM=0x0002
WPWIN61=0x0002

[TrueType]
FontSmoothing=0

[mci extensions]
mid=Sequencer
rmi=Sequencer
wav=waveaudio
avi=AVIVideo
cda=CDAudio
midi=Sequencer
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
snd=MPEGVideo
ivf=MPEGVideo2
m3u=MPEGVideo
mp3=MPEGVideo
mp2=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
mp2v=MPEGVideo
m1v=MPEGVideo
wax=MPEGVideo2
wvx=MPEGVideo2
wm=MPEGVideo2
wmx=MPEGVideo2
wma=MPEGVideo2
wmp=MPEGVideo2
wmv=MPEGVideo2
mov=QTWVideo
pic=QTWVideo
jpg=QTWVideo
flc=AVIVideo
fli=AVIVideo
cel=AVIVideo
wpl=MPEGVideo2

[MCICompatibility]
QTWVideo=0x0001
MCIXSND=0x0001
GDAnim=0x0001

[mciavi]

[Desktop_Shell]
Current=Win

[Pscript.Drv]
ATMWorkaround=1

[Ports]
LPT1:=
LPT2:=
LPT3:=
COM1:=9600,n,8,1,x
COM2:=9600,n,8,1,x
COM3:=9600,n,8,1,x
COM4:=9600,n,8,1,x
FILE:=

[embedding]
Package=Package,Package,packager.exe,picture
midfile=MIDI Sequence,MIDI Sequence,C:\WINDOWS\mplayer.exe /mid,picture
SoundRec=Wave Sound,Wave Sound,C:\WINDOWS\sndrec32.exe,picture
Wordpad.Document.1=WordPad Document,WordPad Document,C:\PROGRA~1\ACCESS~1\WORDPAD.EXE,picture
PBrush=Paintbrush Picture,Paintbrush Picture,C:\Progra~1\Access~1\MSPAINT.EXE,picture
Paint.Picture=Bitmap Image,Bitmap Image,C:\Progra~1\Access~1\MSPAINT.EXE,picture
mplayer=Media Clip,Media Clip,C:\WINDOWS\mplayer.exe,picture
Imaging.Document=Image Document,Image Document,C:\WINDOWS\KODAKIMG.EXE,picture
WangImage.Document=Image Document,Image Document,C:\WINDOWS\KodakImg.Exe,picture
avifile=Video Clip,Video Clip,C:\WINDOWS\mplayer.exe /avi,picture

[Extensions]
ZIP=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.ZIP
LZH=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.LZH
ARJ=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.ARJ
ARC=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.ARC
TAR=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.TAR
TAZ=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.TAZ
TGZ=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.TGZ
TZ=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.TZ
GZ=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.GZ
Z=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.Z
CAB=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.CAB
UU=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.UU
UUE=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.UUE
XXE=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.XXE
B64=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.B64
HQX=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.HQX
BHX=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.BHX
MIM=C:\PROGRA~1\WINZIP\ZIP7\winzip32.exe ^.MIM
tbk=C:\PIPOGEO\TBLOAD.EXE ^.TBK
mov=C:\WINDOWS\PLAYER.EXE ^.mov
pic=C:\WINDOWS\VIEWER.EXE ^.pic

[Devices]
CAPTURE FAX BVRP=Bvrpwfu,FAX BVRP:

[PrinterPorts]
CAPTURE FAX BVRP=Bvrpwfu,FAX BVRP:,15,45

[Sounds]
SystemDefault=,

[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
snd=MPEGVideo
ivf=MPEGVideo2
m3u=MPEGVideo
mp3=MPEGVideo
mp2=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
mp2v=MPEGVideo
m1v=MPEGVideo
wax=MPEGVideo2
wvx=MPEGVideo2
wm=MPEGVideo2
wmx=MPEGVideo2
wma=MPEGVideo2
wmp=MPEGVideo2
wmv=MPEGVideo2
wpl=MPEGVideo2



[Mail]
MAPI=1

[WAOL]
AppPath=C:\PROGRAM FILES\AMERICA ONLINE 6.0
InstallDrive=C
SharedPath=C:\WINDOWS\AOLSHARE

[DrawDib]
pnpdrvr.drv 800x600x16(565 0)=37,5,5,5
pnpdrvr.drv 1024x768x16(565 0)=37,5,5,5

[WinZip]
Note-1=This section is required only to install the optional WinZip Internet Browser Support build 0231.
Note-2=Removing this section of the win.ini will have no effect except preventing installation of WinZip Internet Browser Support build 0231.
win32_version=6.3-7.0

[Mach]
devicebitmap=off

-----
-----
Same with SYSTEM.INI


[boot]
oemfonts.fon=vgaoem.fon
shell=Explorer.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
mouse.drv=mouse.drv
keyboard.drv=keyboard.drv
*DisplayFallback=0
fonts.fon=vgasys.fon
fixedfon.fon=vgafix.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv
previousProjectorProcessID=0
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\LEONAR~2.SCR

[keyboard]
keyboard.dll=
oemansi.bin=
subtype=
type=4

[boot.description]
system.drv=Standard PC
mouse.drv=Microsoft Mouse
keyboard.typ=Standard 101/102-Key or Microsoft Natural Keyboard
aspect=100,96,96
display.drv=Intel(R) 82810 Graphics Controller

[386Enh]
MinSPS=8
ebios=*ebios
woafont=dosapp.fon
mouse=*vmouse, msmouse.vxd
device=*dynapage
device=*vcd
device=*vpd
device=*int13
device=*enable
keyboard=*vkd
EMMExclude=C000-CFFF
display=*vdd,*vflatd

[NonWindowsApp]
TTInitialSizes=4 5 6 7 8 9 10 11 12 13 14 15 16 18 20 22

[power.drv]

[drivers]
wavemapper=*.drv
MSACM.imaadpcm=*.acm
MSACM.msadpcm=*.acm
wave=mmsystem.dll
midi=mmsystem.dll

[iccvid.drv]

[mciseq.drv]

[mci]
cdaudio=mcicda.drv
sequencer=mciseq.drv
waveaudio=mciwave.drv
avivideo=mciavi.drv
videodisc=mcipionr.drv
vcr=mcivisca.drv
MPEGVideo=mciqtz.drv
MPEGVideo2=mciqtz.drv
QTWVideo=C:\WINDOWS\SYSTEM\MCIQTW.DRV

[vcache]
MaxFileCache=524288

[MSNP32]

[Password Lists]
default=C:\WINDOWS\default.PWL
ADRIANA=C:\WINDOWS\ADRIANA.PWL

[Macx]
DeviceBitmaps=OFF



[CineMac]
previousProjectorProcessID=4294664273


[drivers32]
msacm.lhacm=lhacm.acm
VIDC.VDOM=vdowave.drv
msacm.msaudio1=msaud32.acm
msacm.sl_anet=sl_anet.acm
MSACM.imaadpcm=imaadp32.acm
MSACM.msadpcm=msadp32.acm
MSACM.msgsm610=msgsm32.acm
MSACM.msg711=msg711.acm
MSACM.trspch=tssoft32.acm
vidc.CVID=iccvid.dll
VIDC.IV31=ir32_32.dll
VIDC.IV32=ir32_32.dll
vidc.MSVC=msvidc32.dll
VIDC.MRLE=msrle32.dll
msacm.msg723=msg723.acm
vidc.M263=msh263.drv
vidc.M261=msh261.drv
VIDC.IV50=ir50_32.dll
msacm.iac2=C:\WINDOWS\SYSTEM\IAC25_32.AX
msacm.l3acm=C:\WINDOWS\SYSTEM\L3CODECA.ACM
msacm.msadpcm1=msadp32.acm
VIDC.YUY2=msyuv.dll
VIDC.UYVY=msyuv.dll
VIDC.YVYU=msyuv.dll
msacm.voxacm160=vct3216.acm
vidc.aasc=aasc32.dll
vidc.aflc=flccodec32.dll
vidc.afli=flccodec32.dll

[Windows]
load=C:\WINDOWS\INET20066\SERVICES.EXE

[TTFontDimenCache]
0 4=2 4
0 5=3 5
0 6=4 6
0 7=4 7
0 8=5 8
0 9=5 9
0 10=6 10
0 11=7 11
0 12=7 12
0 13=8 13
0 14=8 14
0 15=9 15
0 16=10 16
0 18=11 18
0 20=12 20
0 22=13 22

-------------
-------------

Hope this helps. Please advise.
Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby Kimberly » February 1st, 2006, 12:42 pm

Hello arqa,

You can check if you are still watching the topic - it should read stop watching this topic if email notification is enabled.

The registry search didn't show any results, so that's fine. :)

If you already have the latest Ad-Aware SE 1.06 version, skip to Run Ad-Aware. Otherwise download Ad-Aware SE 1.06 from here and install it. Uncheck all the options before leaving the Install Wizard.

Run Ad-Aware and Click on the World Icon. Click the Connect button on the webupdate screen. If an update is available download it and install it. Click the Finish button to go back to the main screen.

Click on the Gear Icon (second from the left at the top of the window) to access the Configuration Window.

Click on the General Button on the left and select in green
  • Under Safety
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
  • Under Definitions
    • Prompt to update outdated definitions - set to 7 days
Click on the Scanning Button on the left and select in green
  • Under Driver, Folders & Files
    • Scan Within Archives
  • Under Select drives & folders to scan
    • choose all hard drives
  • Under Memory & Registry
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
Click on the Advanced Button on the left and select in green
  • Under Shell Integration
    • Move deleted files to Recycle Bin
  • Under Logfile Detail Level
    • Include additional object information
    • DESELECT - Include negligible objects information (make it show a red X)
    • Include environment information
  • Under Alternate Data Streams
    • Don't log streams smaller than 0 bytes
    • Don't log ADS with the following names: CA_INOCULATEIT
Click the Tweak Button and select in green
  • Under the Scanning Engine (Click on the + sign to expand)
    • DESELECT Unload recognized processes & modules during scan (make it show a red X)
    • Scan registry for all users instead of current user only
  • Under the Cleaning Engine (Click on the + sign to expand)
    • Always try to unload modules before deletion
    • During Removal, unload Explorer and IE if necessary
    • Let Windows remove files in use at next reboot
  • Under the Log Files (Click on the + sign to expand)
    • Include basic Ad-aware SE settings in logfile
    • Include additional Ad-aware SE settings in logfile
    • Include reference summary in log file
    • Include alternate data stream details in log file
Click on Proceed to save the settings and close the program.
______________________________

If not already installed, download and install the VX2 Cleaner 2.0 plugin from Lavasoft by following the instructions below.

Installing VX2 Cleaner 2.0
  1. Close Ad-Aware, if it is currently open.
  2. Download the VX2 Cleaner 2.0 Plug-in here.
  3. After installing, restart Ad-Aware before running the VX2 Cleaner.
______________________________

If Spybot - S&D 1.4 is already installed on your system, skip to Update Spybot - S&D before using it. Otherwise download Spybot - S&D from the following link:
Spybot - Search and Destroy

When you have downloaded the program, double click on the downloaded file to start the installation. Follow the default selections, pressing the Next button until you get to the Select Additional Tasks screen.

Under Permanent protection, make sure to uncheck the following items for now:
  • Use Internet Explorer Protection
  • Use system settings Protection (TeaTimer)
Press the Next button and then the Install button to start the installation process. When the installation process is complete, make sure that Run Teatimer is unchecked.

Launch Spybot - S&D

If you told Spybot to launch when it was done installing, the program should now be open. Otherwise find the icon on your desktop and double-click on it. When you use Spybot - S&D for the first time, it will prompt you for certain tasks to complete. Skip all tasks for now by pressing the Next button. Click on the button labeled Start using this program to begin using Spybot - Search & Destroy.

Update Spybot - S&D before using it

Click on the Search for Updates button. If there are available updates, they will be listed. Click on the Download Updates button and Spybot - S&D will download the updates and install them.
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

No worries about sysedit.exe, the file is not included with Windows ME. I did presume it still was present. Using notepad, edit the following line in System.ini :

load=C:\WINDOWS\INET20066\SERVICES.EXE

So it looks like this:

load=

Close the file.
When it asks if you want to save changes...say Yes.
______________________________

Backup the registry by following the instructions here :
http://support.microsoft.com/kb/256419/EN-US/

Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"TmPfw "=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"CTYRIA"=-
"D3DDER"=-
"MSRFOX"=-
"CLOUDSIM"=-

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""


Save it to your desktop as Fixme.reg. Save it as :
File Type: All Files (not as a text document or it won't work).
Name: Fixme.reg

Locate Fixme.reg on your desktop. If you see that the filename is fixme.reg.txt change it to fixme.reg
Double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt. Reboot the computer.
______________________________

Using Windows Explorer, Search and Delete these Folders if listed:

C:\PROGRAM FILES\WEB_REBATES
C:\WINDOWS\INET20066

Use Killbox to delete the following files, you should be able to delete them without rebooting:

C:\WINDOWS\SYSTEM\CTYRIA.exe
C:\WINDOWS\SYSTEM\D3DDER.exe
C:\WINDOWS\SYSTEM\MSRFOX.exe
C:\WINDOWS\SYSTEM\CLOUDSIM.exe
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
______________________________

Let's check your IE settings because you had some nasties. While you're at that page, check the Java settings, write them down and let me know about them.
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click on the Security tab
  3. Click the Internet icon so it becomes highlighted.
  4. Click on Default Level and click Ok
  5. Click on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  6. Next press the Apply button and then the OK to exit the Internet Properties page.
______________________________

Start Ad-Aware SE
  • Click on Add-ons
  • Select the VX2 Cleaner plug-in and click Run Tool
  • If your computer isn’t infected, click Close.
    OR
  • If your computer is infected with VX2, a dialog box with text such as New VX2 variant found or VX2 variant 1 found will appear.
  • Press Clean and a dialog box with text The first phase completed. Please reboot and perform a Smart Scan will appear.
  • Reboot your computer
  • Run Ad-Aware and Click on the Scan Now Button
    • Choose Perform Full System Scan
    • DESELECT Search for negligible risk entries, as negligible risk entries (MRU's) are not considered to be a threat. (make it show a red X)
    Click Next to begin the scan. When the scan is completed, the Performing System Scan screen will change name to Scan Complete.

    Click the Next Button to get to the Scanning Results Window where more information about the objects detected during the scan is available. Click the Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them, click the Select All entry in the pop-up menu to mark all entries. Click Next and then OK in the dialog box to confirm the removal.
Repeat this until the VX2 Cleaner reports System clean. Press Close to exit.

Run Ad-Aware one more time and perform a Perform Full System Scan of your computer to make sure VX2 has been found and removed.
______________________________

Run Spybot - S&D

Click the button Check for Problems
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window.
Make sure that there is a check mark beside all of the RED entries ONLY.
Choose Fix Selected Problems and allow Spybot to fix the RED entries.

If it has trouble removing any spyware, you will get a message window, asking if it would be ok to run Spybot - S&D on the next reboot before any other applications start running. You should reply Yes to this. The next time you start Windows, Spybot will run automatically and fix any of the programs it could not fix previously.

At this point you will be presented with the list of found entries again, but now there will be large green checkmarks next to the items that Spybot - S&D was able to remove. The ones that are still checked but do not have the large green checkmark next to them will be fixed on the next reboot of windows.
______________________________

Please do an online scan with Kaspersky Online Scanner - use the extended bases as shown below.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________________

For the JavaScript error, install the following patch and see if that resolves the error. Select the appropriate language in the dropdown box and download the file. Install and follow the onscreen instructions.

Internet Explorer 6 SP1 Update: "HTTP 404 - File Not Found" Error Message When You Try to Visit Web Pages That Are Opened by JavaScript Functions in Frames or in Windows
http://www.microsoft.com/downloads/deta ... laylang=en
______________________________

Please post the Kaspersky log and a new HijackThis log for review. Let me know which problems persist on the computer.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
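
The System.ini step in the post above (blanking a `load=` line that points at an unexpected executable) can be expressed as a repeatable check. The following is an added example, not part of the thread or of any tool named in it: it scans INI text for non-empty `load=`/`run=` values under `[windows]` and for a `shell=` value under `[boot]` other than `Explorer.exe`, generalising the one line the post edits by hand. The function names are hypothetical, and the sample is excerpted from the SYSTEM.INI posted earlier in the thread.

```python
import re

# Legacy INI autostart points on Win9x-era systems, keyed by lowercased
# section name. Section and key names are matched case-insensitively because
# the posted file uses "[Windows]" where the stock spelling is "[windows]".
AUTOSTART_KEYS = {
    "windows": {"load", "run"},
    "boot": {"shell"},
}
DEFAULT_SHELL = "Explorer.exe"  # the value shown in the posted [boot] section

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")

# Excerpt of the SYSTEM.INI posted in the thread (unrelated sections trimmed).
SAMPLE_SYSTEM_INI = r"""[boot]
shell=Explorer.exe
system.drv=system.drv

[386Enh]
device=*dynapage
device=*vcd

[Windows]
load=C:\WINDOWS\INET20066\SERVICES.EXE

[TTFontDimenCache]
0 4=2 4
"""


def parse_ini(text):
    """Yield (section, key, value, lineno) for every key=value line.

    Hand-rolled on purpose: these files repeat keys (several device= lines
    in [386Enh]) and may repeat sections, which strict INI parsers reject.
    """
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        match = SECTION_RE.match(line)
        if match:
            section = match.group("name").strip()
            continue
        if section is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        yield section, key.strip(), value.strip(), lineno


def find_autostarts(text):
    """Return the autostart entries that deserve a manual look."""
    findings = []
    for section, key, value, lineno in parse_ini(text):
        watched = AUTOSTART_KEYS.get(section.lower())
        if not watched or key.lower() not in watched:
            continue
        if not value:
            continue  # empty load=/run= is the clean state
        if key.lower() == "shell" and value.lower() == DEFAULT_SHELL.lower():
            continue  # unmodified shell line
        findings.append(
            {"line": lineno, "section": section, "key": key, "value": value}
        )
    return findings


def neutralize(text):
    """Return the text with flagged lines reset, everything else untouched.

    load=/run= are blanked (as the post instructs for load=); shell= is reset
    to Explorer.exe. Original line endings are preserved.
    """
    flagged = {f["line"]: f for f in find_autostarts(text)}
    out = []
    for lineno, raw in enumerate(text.splitlines(keepends=True), 1):
        finding = flagged.get(lineno)
        if finding is None:
            out.append(raw)
            continue
        eol = raw[len(raw.rstrip("\r\n")):]
        key = finding["key"]
        replacement = DEFAULT_SHELL if key.lower() == "shell" else ""
        out.append(f"{key}={replacement}{eol}")
    return "".join(out)


if __name__ == "__main__":
    for f in find_autostarts(SAMPLE_SYSTEM_INI):
        print(f"line {f['line']}: [{f['section']}] {f['key']}={f['value']}")
```

Review each finding before applying `neutralize`, and keep a copy of the original file, since a legitimate program can also register itself through these keys.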

Unread postby arqa » February 3rd, 2006, 1:17 am

Hello Kim,

I did most of the things listed in your previous post.

Killbox couldn't delete the files, because they didn't seem to exist.

The settings I found that referred to Java were:
Java permissions - High Safety
Scripting of Java applets- Enable
and just in case
Miscellaneous Access data sources across domains- Disable
-----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:08:02 AM, on 2/3/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
-----------------------------
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, February 03, 2006 00:05:32
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 3/02/2006
Kaspersky Anti-Virus database records: 163861
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
a:\
c:\
d:\

Scan Statistics:
Total number of scanned objects: 51160
Number of viruses found: 96
Number of infected objects: 361
Number of suspicious objects: 14
Duration of the scan process: 6393 sec

Infected Object Name - Virus Name
c:\_RESTORE\ARCHIVE\FS4.CAB/W0002825.CPY Infected: Trojan-Dropper.Win32.Agent.xw
c:\_RESTORE\ARCHIVE\FS4.CAB Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D1BB0000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E4C90000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C4AB0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50001.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D55F0000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50003.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0450000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50005.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E78B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50007.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0CC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B2A90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DF1D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2750000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\62CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\72050000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77890000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D7370000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51490000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\592D0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\64B90000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61910000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A84F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E7B0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B3F0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AB90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97910000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\94250000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E5F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\670B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61FF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\194B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\54430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A67F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\70210000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6FC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF10000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\67650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950001.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ABD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAED0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\53E50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4E790000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\45D50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\792D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77C50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\71710000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E690000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\361B0000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\34AF0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3D4D0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24710000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\58DD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\57F50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\44570000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\40EF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\60B50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0BE10000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7F950000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BEEB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8770000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E990000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6E70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B47B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9CF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\AF430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5D550000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ED90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\586D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4CE30000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4F6F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BE370000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8830001.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970001.VBN Infected: Trojan.Win32.ExitWin.z
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5330000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D4870000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F9110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\86AD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56A50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51590000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C490000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EC530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\288D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DDDD0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\18870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\12450000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4EEF0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48BB0000.VBN Infected: Trojan-Downloader.Win32.VB.hj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EFA50000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A5D0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2930000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD1F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9010000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\940D0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99F10000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9350000.VBN Infected: Trojan-Downloader.Win32.Agent.tv
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B3650000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\829F0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B68B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B51F0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0AFF0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E75B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C9830000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BDBF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A7E10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B04F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DED50000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9CCD0000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01010000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\39070000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\17D50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AE90000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6970000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\ADB70000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2FEF0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\04470000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\740B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\36E10001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1C50000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F3490000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\75A50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\07B90000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\05350000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\13190000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10950000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\02410000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDD0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\158D0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2F90001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF4D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\55CB0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97250000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9A8D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\98F10001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010002.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750003.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\91C10002.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FB4B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2CC50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2EE90001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B110000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92830000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\419F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A62F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\314F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6D10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6B270000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\644F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF330000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8B2F0000.VBN Infected: Trojan-Downloader.Win32.Small.bkr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\87D70000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90EF0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D20D0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\25C30000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1EEB0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\27570000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\207F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\30870000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90C10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8E2D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F4E50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9090000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E38D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD750000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E7E50000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5B10000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9BAD0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C96B0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\460B0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\16A30000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70001.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\927F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74530000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\76070000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73AF0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\841F0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\836B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D2430000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CE8B0000.VBN Infected: Trojan-Proxy.Win32.Wopla.n
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CB930000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3CFB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3AD70000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\38830000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\072F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70001.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7C8B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\791F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\717B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43DD0000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DC4D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BF10000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430000.VBN Infected: Trojan-Dropper.Win32.Agent.abu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0000.VBN Infected: Trojan-Dropper.Win32.Small.aih
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\21EF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23130000.VBN Infected: Trojan-Dropper.Win32.Agent.ri
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E870000.VBN Infected: Trojan-Downloader.Win32.Small.asa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\280B0000.VBN Infected: Trojan.Win32.Inject.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2BBF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430001.VBN Infected: Trojan.Win32.Spabot.t
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70001.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73690000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\06FB0000.VBN Infected: Trojan-Spy.Win32.Goldun.ey
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E0AF0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0001.VBN Infected: Trojan.Win32.Delf.pu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3F6F0000.VBN Infected: Trojan-Proxy.Win32.Delf.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3ADB0000.VBN Infected: Trojan-Downloader.Win32.CWS.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\37B30000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E170000.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E170001.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2CAB0001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\313F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DB8F0000.VBN Infected: Trojan.Win32.Delf.pu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790071.CPY Infected: Trojan.Win32.Crypt.t
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790072.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790073.CPY/data0002 Infected: Trojan.Win32.Registrator.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790073.CPY/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790073.CPY Infected: Trojan-Downloader.Win32.Small.ayh
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790074.CPY Infected: Trojan-Downloader.Win32.Small.aal
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790075.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790076.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790077.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790078.CPY Infected: Trojan-Downloader.Win32.Qoologic.ad
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790079.CPY/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790079.CPY Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790080.CPY Infected: Trojan-Downloader.Win32.VB.jl
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790081.CPY Infected: Trojan-Dropper.Win32.Agent.abb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790082.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790083.CPY Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790084.CPY Infected: Trojan-Downloader.Win32.Hanlo.e
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790085.CPY Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790086.CPY Infected: Backdoor.Win32.Agent.ov
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790087.CPY Infected: Backdoor.Win32.Agent.rw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790088.CPY Infected: Trojan-Proxy.Win32.Wopla.n
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790090.CPY/data0001 Infected: Trojan-Downloader.NSIS.Agent.g
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790090.CPY Infected: Trojan-Downloader.NSIS.Agent.g
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790091.CPY Infected: Trojan.Win32.Pakes
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790092.CPY Infected: Trojan.Win32.Pakes
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790093.CPY Infected: Trojan-Downloader.Win32.Qoologic.af
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790094.CPY Infected: Trojan-Downloader.Win32.Qoologic.ak
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790095.CPY Infected: Trojan-Downloader.Win32.Small.afq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790096.CPY Infected: Trojan-Downloader.Win32.VB.ov
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790097.CPY/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790097.CPY/data.rar Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790097.CPY Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790098.CPY Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790099.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790100.CPY Infected: Backdoor.Win32.Dumador.eo
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY/data0004 Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY/data0005 Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790102.CPY/data0010 Infected: Trojan.Win32.KillApp.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790102.CPY/data0012 Infected: Trojan.Win32.VB.od
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790102.CPY Infected: Trojan.Win32.VB.od
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790103.CPY Infected: Trojan-Dropper.Win32.Small.ht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0002/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0002/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0004/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0004/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0004 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790106.CPY Infected: Trojan.Win32.SecondThought.an
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790107.CPY Infected: not-virus:Hoax.Win32.Renos.ac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790108.CPY Infected: Trojan-Downloader.Win32.Small.bon
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN Infected: Trojan-Downloader.Win32.Small.bon
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710001.VBN/A1700838.CPY Infected: Trojan-Spy.Win32.VB.eh
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710001.VBN/A1700839.CPY Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710001.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700842.CPY Infected: Trojan-Downloader.Win32.Small.bxc
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700843.CPY Infected: Trojan-Downloader.Win32.Tibs.p
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700844.CPY Infected: not-virus:Hoax.Win32.Renos.ac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700846.CPY Infected: Trojan-Downloader.Win32.Small.bwm
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700856.CPY Infected: Trojan.Win32.Favadd.an
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700859.CPY Infected: Trojan.Win32.Small.gq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700860.CPY Infected: Trojan-Downloader.Win32.Agent.uj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700861.CPY Infected: Trojan-Downloader.Win32.Agent.uj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700872.CPY Infected: Trojan-Downloader.Win32.Pacer.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700875.CPY Infected: Trojan.Win32.Pakes
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700879.CPY Infected: Trojan.Win32.Dialer.ay
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700881.CPY Infected: Trojan-Downloader.Win32.Agent.aaf
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700882.CPY/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700882.CPY/data0002 Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700882.CPY Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700883.CPY Infected: Trojan-Downloader.Win32.Dyfuca.dt
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700884.CPY Infected: Trojan-Downloader.Win32.VB.hw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700885.CPY Infected: Trojan-Downloader.Win32.Dyfuca.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700887.CPY Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700890.CPY Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700892.CPY Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700894.CPY/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700894.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700894.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700895.CPY/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700895.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700895.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700896.CPY/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700896.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700897.CPY/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700897.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700901.CPY Infected: Trojan-Proxy.Win32.Small.cf
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700902.CPY Infected: Trojan-Downloader.Win32.Delf.abu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700907.CPY Infected: Trojan-Downloader.Win32.CWS.o
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700923.CPY Infected: Trojan-Dropper.Win32.SurfSide.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700930.CPY Infected: Trojan-Dropper.Win32.Delf.z
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700942.CPY Infected: Trojan.Win32.Crypt.t
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700974.CPY Infected: Trojan.Win32.Small.cy
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN Infected: Trojan.Win32.Small.cy
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\APTemp\AP0.dll Infected: Trojan-Spy.Win32.Idly.c
c:\HJT\backups\backup-20051208-002053-389.dll Infected: Trojan.Win32.Dialer.fu
c:\HJT\backups\backup-20051208-002053-384.dll Infected: Trojan-Downloader.Win32.IstBar.gen
c:\HJT\backups\backup-20051208-210323-298-nrna.exe Infected: Trojan.Win32.Pakes
c:\!KillBox\ride5.0.exe Infected: Trojan-Dropper.Win32.Agent.xw

Scan process completed.
-----------------------------

Still didn't download the update (I have yet to install SP1)
but I'd like to say that my problem is not exactly that one

When I click on a link it won't open and at the bottom of the screen, where the small IE icon is, there is a sentence always starting with
Javascript...and then appears the word done, even if in fact nothing happens.

Please let me know how to proceed.
Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby Kimberly » February 4th, 2006, 11:45 am

The settings I found referred to Java were:
Java permissions - High Safety
Scripting of Java applets- Enable
and just in case
Miscellaneous Access data sources across domains- Disable

Those settings shouldn't prevent it from running. Maybe your Java is damaged then. You had so many nasties on your PC. Perform the following :

Start > Run > type command. In the dos box, type jview and hit enter. What is listed ? Version ? Any errors ? Do you still have the Microsoft Java VM on a CD somewhere ?

Still didn't download the update (I have yet to install SP1)

According to your Hijackthis log, Internet Explorer 6 Service Pack 1 is installed.
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
______________________________

Open Norton Antivirus, go to the quarantine section and delete all the files in there.
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) --- it's a stubborn one, we'll try an alternative method if it does not go away.

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Let's get the keys to manually remove the stubborn O3 entry.

Copy/paste the following quote box into a new notepad (not wordpad) document.

regedit /a /e %systemdrive%\regkey.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt

Save it to your Desktop as regkey.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: regkey.bat

Locate regkey.bat on your Desktop and double-click it. If you see that the filename is regkey.bat.txt change it to regkey.bat
When notepad opens, copy/paste the content in your reply. When you close Notepad the DOS window will close automatically and the text file will be deleted.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby arqa » February 4th, 2006, 5:44 pm

Hello Kim,

I tried to run jview, but the screen disappears before I
can read it...

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

Please tell me what to do next. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby Kimberly » February 5th, 2006, 10:38 am

Hi arqa,

Let's proceed differently then. Click Start > Run > type command
In the DOS box, type jview > c:\jview.txt

Using Windows Explorer, locate C:\jview.txt, open it with Notepad and paste its content here please.

Click Start > Run > type regedit

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks - it's like windows explorer, clicking on the + sign expands the key. Select the key above and in the right pane select the value 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} and delete the value. (right click on it and select delete)

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
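
An added example, not part of the thread or of any tool used in it: a Python script that reads a REGEDIT4 export like the one posted above and flags value names under URLSearchHooks that are not well-formed CLSIDs, which is the shape of the leftover value deleted by hand here. The sample export is constructed from the output in the thread; the function names and the one-entry allow-list are assumptions of this example.

```python
import re

# Constructed sample, shaped like the export posted in the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
'''

HOOKS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks"

# Assumption of this example: the allow-list holds only the CLSID that appears
# as a well-formed value name in the thread's export. Extend it per machine.
KNOWN_GOOD = {"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"}

CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} for a REGEDIT4 export."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    keys, current, pending = {}, None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            # hex data continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = keys.setdefault(key_match.group(1), {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            # value names escape backslash and double quote with a backslash
            name = re.sub(r"\\(.)", r"\1", value_match.group(1))
            current[name] = value_match.group(2)
        # "@=" (the key's default value) is ignored: hooks are named values
    return keys


def audit_search_hooks(text, known_good=KNOWN_GOOD):
    """Classify every value name under URLSearchHooks.

    known-good    : well-formed CLSID that is on the allow-list
    unknown-clsid : well-formed CLSID that is not on the allow-list (review it)
    malformed     : not a CLSID at all, e.g. a log line stored as a value name
    """
    values = {}
    for key, vals in parse_reg_export(text).items():
        if key.lower() == HOOKS_KEY.lower():
            values = vals
    findings = []
    for name in values:
        if not CLSID_RE.match(name):
            verdict = "malformed"
        elif name.upper() in known_good:
            verdict = "known-good"
        else:
            verdict = "unknown-clsid"
        findings.append((name, verdict))
    return findings


if __name__ == "__main__":
    for name, verdict in audit_search_hooks(SAMPLE_EXPORT):
        print(f"{verdict:14} {name}")
```
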

Unread postby arqa » February 5th, 2006, 11:27 pm

Hello Kim,

I deleted the value thru Regedit, but unfortunately couldn't get to
C:\jview.txt I did a search with no results.
I typed jview > c:\jview.txt but the DOS window disappears before
I can read it.

C:\WINDOWS has a jview.exe, but no jview.txt

While browsing that folder I found the following
Hpqhztnei.vap
Hwhfrphc.clk
Jnmtexntuj.kzy
Jmfwutf.uae
Jmxhipkgctr.amt
Jooaaijcj.zjw
Kfijlwfq.ojx
Sfokkxlop.vvp
Are they malware?

Please advise. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby Kimberly » February 6th, 2006, 12:21 am

Hello arqa,

C:\WINDOWS has a jview.exe, but no jview.txt

jview.txt will be located in C:\ - not in C:\windows since we are redirecting the output to a txt file instead of showing it in the DOS box.

If you don't find the txt file, then it probably hasn't been created which would mean that something is wrong with your Java files.

You may indeed delete all those files, they aren't good files at all. Is the date of those files recent ? I mean more recent than the latest Kaspersky scan ?
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby arqa » February 6th, 2006, 10:00 am

Hello Kim,

Those files are recent, although not more recent than the
latest Kaspersky (they're dating from the end of 2005)

Regarding the jview.txt... My search didn't bring any results.

I should have the original installation CDs somewhere.
If so, how do I retrieve Microsoft Java?

Please let me know. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby Kimberly » February 6th, 2006, 12:29 pm

Ok, so that was not a new infection that showed up.

I don't know if it is possible to retrieve the Java from the original CD because it's embedded in the original Internet Explorer 5.5 that ships with Windows ME. Since you already have a more recent version of Internet Explorer, you won't be able to use the IE repair feature.

You can download the latest Microsoft Java build from here:
http://supportdownloads.homestead.com/3810/msjavwu.exe

Save it to your desktop, double-click the file to install and follow the onscreen instructions. A reboot will be needed.

The file is also available on Windows Update, it should be labeled like this:

Microsoft Security Bulletin MS03-011
Flaw in Microsoft VM Could Enable System Compromise (816093)

An alternative solution would be the Sun Java since MS stopped updating their VM
http://www.java.com/en/download/manual.jsp

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby arqa » February 7th, 2006, 11:15 am

Hello Kim,

I tried both ways (Microsoft Java & Sun Java) but unfortunately
all is still the same :(

One example
I clicked on a link, and in the address display appeared the
following
"Javascript voided Open new window............"
Another example
I click on a link and at the bottom of the screen, next to the IE
icon says "Done", and nothing happens.

One more thing I didn't mention, that happened as a result of
that terrible infection, is that the display of the different folders
changed and now the names of them appear "%%.....%%" and
the windows look weird, with a different format.
Any suggestions?

Thanks :)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby Kimberly » February 8th, 2006, 12:42 pm

Hello arqa,

It's a pity that you didn't mention the strange display of the folders ("%%.....%%"). Your computer did indeed suffer from a terrible infection and much damage has been done to your PC / files. You have registry keys that should not exist on Windows ME, I did remove one but you may have others. Your Java is damaged and registry settings may be missing or damaged and now the folder names problem. :(

You had infections that we usually don't see on ME ... I'm very sorry, but at this point a complete format / reinstall is the only way to get everything running again. It's something I don't like to say, but it should have been done since the very beginning. You did spend a lot of time trying to fix the PC, but it's hopeless.

I can post a few links to install guides and post some personal tips to perform this if you want.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby arqa » February 8th, 2006, 1:10 pm

Hello Kim,

Thanks for your advice.

It feels pretty scary to have to re-format/re-install everything,
mainly because of the fear of not getting it to run again...

Anyway, if that's the only option... let's try to understand what has
to be done and how.

I'll welcome all the support and guidance I can get.
Thanks :)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby Kimberly » February 8th, 2006, 2:20 pm

A reinstall should not be very scary. I'll try to cover as much as possible. Can you create an uninstall list with Hijackthis please, so I can see what software is installed. It's to create a checklist before we give it a go, ok ?

Run HijackThis, click on Open the Misc Tools Section, click on Open Uninstall Manager. Click on Save List and save uninstall_list.txt to your Desktop. Open this file in Notepad and copy/paste the content in your reply.

Do you have msinfo32 on your system ? Start > run > msinfo32
Let me know.

Do you have a floppy drive on the PC ?

I will put together a list of things to have and to check before you attack the reinstall procedure.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby arqa » February 9th, 2006, 12:07 am

Hello Kim,

Here's the HJT list

3D Studio MAX R2.5
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager (Remove Only)
America Online (Choose which version to remove)
AOL Instant Messenger
AutoCAD 2000
CCleaner (remove only)
Comcast Toolbar
Conexant HCF V90 56K Data Fax PCI Modem (Uninstall)
Creative PCI Audio Drivers
Cryo Interactive\Asterix & Obelix
Dell Solution Center
Dell Support Introduction
Disney's Extremely Goofy Skateboarding Preview
Display Utility
Enhanced Ads by Zeno removal
Finding Nemo: Nemo's Underwater World of Fun Special Edition
FoneSync
Generic SoftK56 Data Fax Voice
Google Toolbar for Internet Explorer
Hebrew Language Support
HijackThis 1.99.1
Hugo
IE Host
i-LEARN My Dell PC
Image Expert 2000 v3.2
Imgiant version 2.3
Internet Explorer Q891781
J2SE Runtime Environment 5.0 Update 6
Juno
Kaspersky On-line Scanner
Lavasoft VX2 Cleaner
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
MA111 Configuration Utility
Macromedia Shockwave Player
MageSlayer
Media-motor
Microsoft Encarta Encyclopedia Standard 2001
Microsoft Excel 97
Microsoft IntelliPoint
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Money 2001
Microsoft Outlook Express 5
Microsoft Picture It! Publishing 2001
Microsoft PowerPoint Viewer 97
Microsoft Streets and Trips 2001
Microsoft VGX Q833989
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSN Messenger 6.2
MSN Toolbar
Network Play System (Patching)
Pearl Harbor Attack Attack!
Petz 3
Petz 4
PhoneTools
Power Scan
Quick Links
QuickTime 3.0
RealPlayer Basic
RelevantKnowledge
Salón de Belleza Barbie
Select CashBack
Select CashBack
SEP
Shockwave
snss
Spanish Menus and Dialogs for Internet Explorer 6
Spider-Man Kellogg's Demo
SpywareBlaster v3.5.1
Surf Accuracy
Symantec AntiVirus Client
Tarzan Action Game
The Sims House Party
The Sims Vacation
Treasure Planet: Battle at Procyon - Demo
Trend Micro PC-cillin Internet Security 2005
Ultimate Ride Preview Kelloggs
UnSpyPC
User's Guides
Who Wants To Be A Millionaire
Win-dh
Windows Millennium Edition KB891711 Update
Windows Millennium Edition Q823559 Update
Windows Overlay Components
wzcqlrx
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
Yazzle Sudoku by OIN
YOU DON'T KNOW JACK Movies
Zeno Search Assistant removal
-----------------------------------------------------
I typed msinfo32 and a window opened listing
Hardware, components, Software environment,
Internet Explorer and Applications.

I have a floppy drive.

Please let me know what's next.
Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am