Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

HiJackThis log! June 12

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Unread postby rstones12 » June 22nd, 2005, 12:52 pm

hrdcover,
Please read "ALL" of the instructions before proceeding:

You may want to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This will take a few steps, if you have any questions along the way please ask...

Download CleanUp
Install the program, dont run it yet, we will later.

Download Pocket Killbox
Click Here to download Pocket Killbox by Option^Explicit.
Unzip the program and save it to your desktop, dont run it just yet.

Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

Do not open any new windows.
Now scan with HJT and place a checkmark next to each of the following items:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O17 - HKLM\System\CCS\Services\Tcpip\..\{138BD34C-5FAF-4DAB-BF8A-285D85C5F707}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA575D31-8FC4-407F-9EAB-525AD6A5F096}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{138BD34C-5FAF-4DAB-BF8A-285D85C5F707}: NameServer = 69.50.184.84,195.225.176.37

Within HJT click the Fix Checked button. Close HJT.

Now lets check some settings on your system.
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
      Usually Local Area Connection for Cable and DSL
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen, if it asks to reboot select "NO", we will later.
Now lets run Killbox
  • Double-click on Killbox.exe to start the program.
  • In the killbox program, select the Delete on Reboot option.
  • In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure!):

C:\WINDOWS\system32\nC5594Om3.dll
C:\WINDOWS\system32\epx30104.exe
C:\WINDOWS\system32\epx30105.exe
C:\WINDOWS\system32\yqssr.exe
  • Press the button that looks like a red circle with a white X in it after each one.
  • When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button.
  • Do this after each one until you have entered the LAST file path I have listed above.
  • After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts.
  • If you receive a message and your computer does not restart automatically, please restart it manually.

Once you have rebooted into Normal Mode, please do the following:

Run the CleanUp program you downloaded earlier.
*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folder, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
    Uncheck cookies
    This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea.
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp


Reboot once again and post back a new HJT log by using Post Reply

Thanks,
rstones12
User avatar
rstones12
Regular Member
 
Posts: 54
Joined: February 1st, 2005, 9:11 pm
Location: Tempe, AZ
Top
Advertisement
Register to Remove

Not sure what to do.

Unread postby hrdcover » June 23rd, 2005, 5:21 am

I made it through the downloads and ran HJT with "fix checked" as you indicated. However, in Safe Mode I have an empty Network Connections folder so I stopped there and rebooted to normal. In normal mode, I could see my default connection in the Network Connections folder and it was setup as you indicated. What do you want me to do now?
Pat
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top

Unread postby rstones12 » June 23rd, 2005, 11:12 am

hrdcover,
Please post back a new HJT log by using Post Reply

Thanks,
rstones12
User avatar
rstones12
Regular Member
 
Posts: 54
Joined: February 1st, 2005, 9:11 pm
Location: Tempe, AZ
Top

Fresh log

Unread postby hrdcover » June 23rd, 2005, 9:59 pm

Thanks! Here is New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:59:07 PM, on 6/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_Mw
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptax
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/defaul ... Loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evx (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top

Unread postby rstones12 » June 24th, 2005, 2:07 am

hrdcover,

Your HJT log is looking good, how are things running?

Thanks,
rstones12
User avatar
rstones12
Regular Member
 
Posts: 54
Joined: February 1st, 2005, 9:11 pm
Location: Tempe, AZ
Top

Better!

Unread postby hrdcover » June 24th, 2005, 11:33 am

We are seeing improvement, with less frequent pop-ups, though still are seeing some page reidirects and pop-ups.
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top

Unread postby rstones12 » June 24th, 2005, 11:48 am

hrdcover,
Go ahead and post a new HJT log and we will take a look..

Thanks,
rstones12
User avatar
rstones12
Regular Member
 
Posts: 54
Joined: February 1st, 2005, 9:11 pm
Location: Tempe, AZ
Top

Unread postby hrdcover » June 25th, 2005, 5:44 am

Here is my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:43:19 AM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\readerware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\PROGRA~1\HomeBase\homebase.exe
C:\Program Files\USPSShippingAssistant\AutoShippingAPI.exe
C:\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_Mw
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptax
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/defaul ... Loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evx (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top

Where did you go?

Unread postby hrdcover » June 30th, 2005, 9:33 am

Never heard back since posting my HJT log last Saturday. Since my post was scrolling off the page I am posting a fresh log. Perhaps there was some confusion and it was thought that my problems had been eliminated.

The fixes to date eliminated the worst of the pop-ups and re-directs, but not all of them. Additionally, at least once a day Norton finds and deletes this Adclicker trojan (C:Windows\System 32\cisvvc.exe). Today, Norton popped up and said it found but could not repair another trojan (C:\Windows\System32\DRV2CLTR.dll).

Thanks!
Pat

Logfile of HijackThis v1.99.1
Scan saved at 5:24:21 AM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_Mw
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptax
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/defaul ... Loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evx (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top

Unread postby wng_z3r0 » July 14th, 2005, 2:04 pm

Rstones hasn't been around for awhile, so I will help you with your issues. The last log is 2 weeks old. Can I get a fresh log so I can help you?

I am sorry for the delay in responding.
wng
User avatar
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm
Top

Unread postby hrdcover » July 15th, 2005, 8:55 am

Thanks very much. Here is my latest HJT log.
Pat

Logfile of HijackThis v1.99.1
Scan saved at 4:50:21 AM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\readerware.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRA~1\HomeBase\homebase.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\WINDOWS\system32\cmd.exe
C:\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_Mw
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptax
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [plgwk] C:\WINDOWS\System32\plgwk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/defaul ... Loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evx (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top

Unread postby wng_z3r0 » July 16th, 2005, 8:27 pm

ok:
do you recognize this?
C:\Program Files\readerware.exe

please print these instructions. Then close all programs (especially your internet browser!!)

Doubleclick on HijackThis.
Then click on the button that says run a system scan
Then place a check next to the following items and click "fix"

O4 - HKLM\..\Run: [plgwk] C:\WINDOWS\System32\plgwk.exe


Then,
We need to do a search. Start | Search | For Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste this into the Search for files and folders named box:

C:\WINDOWS\System32\plgwk.exe
If any of these files are found please delete them.

Post a new HJT log, as well as any symptoms.
wng
User avatar
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm
Top

Unread postby hrdcover » July 17th, 2005, 3:19 pm

Yes, I recognize readerware. It's a widely used subscription software program I use to manage a book-selling business.

HJT fixed the file and nothing found after the search.

At present we are not seeing any re-directs.

We still get messages from Norton that it has found and deleted trojans:

c:\WINDOWS|System32\mssosxrt.exe (Trojan.Dropper)

C:\WINDOWS\System32\cisvvc.exe (Trojan.Adclicker)

In addition, we have messages pop-up. One says its the Windows Security Center with the message "WARNING: Windows firewall detected suspicious network activity on your computer. Malicious software codes may try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?"

The other is a message baloon that pops up and reads: "Your computer might be at risk. Your virus protection is bad. Spyware activity detected. Click this baloon to fix this problem."

Here is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:53 AM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HiJackThis\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_Mw
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptax
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/defaul ... Loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA575D31-8FC4-407F-9EAB-525AD6A5F096}: NameServer = 69.50.176.157,85.255.112.6
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evx (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top

Unread postby wng_z3r0 » July 17th, 2005, 3:32 pm

Let's try a different approach... YOu might wanna do this before going to bed as it will take awhile.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:

Memory
Startup Folders
Drive - All Local Drives
Folder - then click "browse" to change the directory to C: (default is C:\Windows)
Registry
System Folders
Services
Include Sub-Directory
Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

wng
User avatar
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm
Top

Unread postby hrdcover » July 19th, 2005, 10:04 am

Here is the summary:

Tue Jul 19 05:55:22 2005 => ***** Scanning complete. *****
Tue Jul 19 05:55:22 2005 => Total Objects Scanned: 247505
Tue Jul 19 05:55:22 2005 => Total Virus(es) Found: 2571
Tue Jul 19 05:55:22 2005 => Total Disinfected Files: 0
Tue Jul 19 05:55:22 2005 => Total Files Renamed: 0
Tue Jul 19 05:55:22 2005 => Total Deleted Objects: 0
Tue Jul 19 05:55:22 2005 => Total Errors: 24
Tue Jul 19 05:55:22 2005 => Time Elapsed: 06:09:00
Tue Jul 19 05:55:22 2005 => Virus Database Date: 2005/06/24
Tue Jul 19 05:55:22 2005 => Virus Database Count: 136182

Here is the log:

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\RxSBDViewEx.SBDGroupCtrl" refers to invalid object "{7495CF57-E208-4DF0-A8C5-9E17ECC51490}". Action Taken: No Action Taken.
Entry "HKCR\RxSBDViewEx.SBDGroupCtrl.1" refers to invalid object "{7495CF57-E208-4DF0-A8C5-9E17ECC51490}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\epx30104.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\plgwkaeg05.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\WinStat11.dll tagged as "not-a-virus:AdWare.Winsta.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\yqssr.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\PATNOA~1.DEL\LOCALS~1\Temp\GLB1A2B.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Alec Noah\Desktop\GOOD STUFF\BitTorrent-4.0.1.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
File C:\Documents and Settings\Alec Noah\Desktop\GOOD STUFF\cs1005.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
File C:\Documents and Settings\Alec Noah\Desktop\GOOD STUFF\Downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
File C:\Documents and Settings\Hallie Noah\Local Settings\Temp\180sainstaller.exe tagged as "not-a-virus:AdWare.180Solutions.g". Action Taken: No Action Taken.
File C:\Documents and Settings\Hallie Noah\Local Settings\Temp\Del50.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Hallie Noah\Local Settings\Temp\Del5A.tmp tagged as "not-a-virus:AdWare.180Solutions.g". Action Taken: No Action Taken.
File C:\Documents and Settings\Hallie Noah\Local Settings\Temp\res51.tmp tagged as "not-a-virus:AdWare.180Solutions.g". Action Taken: No Action Taken.
File C:\Documents and Settings\Hallie Noah\Local Settings\Temporary Internet Files\Content.IE5\4FWH6H0N\ADL[1].CHM infected by "Trojan-Downloader.VBS.Psyme.x" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Pat Noah.DELL1\Local Settings\Temp\GLB1A2B.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Pat Noah.DELL1\My Documents\Downloads\aawseplus.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Pat Noah.DELL1\My Documents\Downloads\HomeBase23EN.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\HiJackThis\backups\backup-20050613-202216-455.dll tagged as "not-a-virus:AdWare.Winsta.a". Action Taken: No Action Taken.
File C:\Program Files\Ad-Aware Personal\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
File C:\Program Files\HomeBase\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Iomega\AutoDisk\Setup_enu.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Iomega\Iomega Sync\SystemFiles\setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Iomega\System32\Win2kDrivers.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Plus\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\CM\CMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\002D2759.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00337B52.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01AA7C39.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01AD2CB2.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01B05032.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0378363E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0539498B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\053D7388.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05CE1A3F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05D1443B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06235DE1.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A5F67DE.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A6211DA.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AB40487.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AEB123B.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B137FE2.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B8564AB.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E85365E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E88605A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10B11A45.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11543716.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11576113.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11704176.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11746B72.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\119327D9.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11946880.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11BE6F39.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11E47C2B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11E82628.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12760725.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12793122.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\127A5F7D.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\127D0979.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13035099.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\142929FB.fr6 tagged as "not-a-virus:AdWare.F1Organizer.r". Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14C44606.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14F449A0.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\150D484A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\157E7FD1.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16AA0233.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16B42B21.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16B7551E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16D67A5B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17E56105.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18E5325C.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18E85C59.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\194B3DBE.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1B64596E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BF136D1.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C4F6D3D.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1CD50CE8.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D9B76ED.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D9F20E9.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DE64BB4.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1EA55541.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1ED147D1.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1F8B3E7A.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\20C47D21.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\20CB511A.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\20D12513.tmp infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\210650D4.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\224A2E18.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\224D5814.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\242379BF.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\242723BC.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\248570BC.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25A800B4.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25AB2AB1.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25BD029A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25C02C96.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\268C6163.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\268F0B5F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26F73D39.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27013B2E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27B57CA3.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27B8269F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27E572CC.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28D27AD7.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28DF6CE0.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28F612C7.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28F93CC3.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2B433A20.tmp infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2B7F16DF.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BD719C5.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2CFE705A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D011A56.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2EE925A5.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2EEC4FA1.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FB50140.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FB92B3C.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\31565C37.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\318863DA.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32B14A42.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32B4743E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32C83895.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32CC68FD.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32D33CF6.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32EB4773.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3370496A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33CB7A74.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33E2205A.tmp infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\355F546B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35990705.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\36482660.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\364B505D.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\37376E32.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\373A182E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\37925A69.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38D53796.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38DE5B51.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38E55499.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38F9451B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39610748.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\396B053E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3A6B55B9.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3AAA7C07.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B4E30D4.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B515AD0.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3E95678C.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3E991188.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F80486C.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F8D705D.tmp infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42CE5405.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42D17E01.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\433E64E9.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\435435A7.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43C1217A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43C44B77.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44060CB1.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\440A36AD.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44747CC2.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44D64C37.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45EC42FB.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\47A50B75.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\47AC5F6E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\493A3008.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\49F30EE8.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A3B73BF.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A3E1DBC.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C020EF6.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C160AE1.tmp infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E7E2A8F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E82548B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F110BED.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F1535EA.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4FA105DB.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4FCA7CFB.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\52870D0D.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\529E32F3.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\52FE0D50.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5302280E.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\549B56A9.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\54B40257.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\54B62A0A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\54BA5406.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\563C0AE9.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\564034E5.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56CF6C47.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\575514FE.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\576B4FA2.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57F063EC.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\581F2A85.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C366E0F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C39180B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5CFE1EF9.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5E7D13CF.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5EC45011.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F977721.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61AE505B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61B52454.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63DB24FE.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63DF4EFA.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63EE2B41.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64E00702.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65E4350D.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\67CB5439.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\67CE7E35.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\683A67BE.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6849545A.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\687D7420.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69B46BD3.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69B715D0.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6A473A3D.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6A4E0E36.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6A996A89.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6A9C1485.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6AD718B0.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6AFA69A7.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6C1A151F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6C1E3F1C.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6CBA60FB.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6CBD0AF7.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DB17074.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\726647A7.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7270459C.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\72705C17.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\72740614.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\737C1B7F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\754E2027.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75514A24.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76837F91.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\777D7600.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\779071EB.tmp infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\793A5DC5.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\794131BD.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C7B0B8A.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D7D36A3.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D81609F.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D840A9B.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E0D7BB7.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E525316.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E895E7C.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7FA065A9.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0D1A411A infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16A141E6.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27C06419 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2A7851B5.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2E1673EE infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2E4015BF infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2E4A13B5 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2EA4731E infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\31B472DD infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\355039C6 infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\517B5E78 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\566B2748 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\771051A4 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7BC246CF infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Valve\Steam\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Valve\Steam\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Sierra\Counter-Strike\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
File C:\steaminstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP154\A0048166.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0054236.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0054239.exe infected by "Trojan.Win32.DNSChanger.r" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055232.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055243.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055265.exe infected by "Trojan.Win32.DNSChanger.r" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055266.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055280.exe infected by "Trojan.Win32.DNSChanger.r" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055283.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055288.dll infected by "Trojan.Win32.StartPage.xb" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055292.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP167\A0055307.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0055310.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0055311.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0055312.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0055324.exe infected by "Trojan.Win32.DNSChanger.r" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0055357.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056357.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056370.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056392.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056395.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056408.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056413.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056414.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056418.exe tagged as "not-a-virus:AdWare.MDH.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056425.dll tagged as "not-a-virus:AdWare.F1Organizer.r". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP168\A0056426.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0056438.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0056449.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0056450.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0056615.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0056616.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0057426.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0057439.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058425.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058434.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058445.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058446.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058447.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058460.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058461.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058481.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP169\A0058482.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058503.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058504.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058505.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058510.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058526.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058571.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058572.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058581.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058594.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058633.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058634.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058636.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058650.exe infected by "Backdoor.Win32.Agent.bg" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058652.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058653.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058657.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0058658.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0059579.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP170\A0059593.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0059605.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0059607.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0059610.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0059612.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0059613.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0059617.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0059618.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0060579.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0060590.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0060596.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0060597.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061579.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061593.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061598.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061609.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061618.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061619.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061620.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061628.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061629.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061656.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061657.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061665.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061666.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061667.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP171\A0061668.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0066518.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0066546.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0066580.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0066585.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0066587.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0067497.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0067529.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0067530.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP173\A0067532.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067650.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067741.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067802.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067804.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067928.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067939.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067957.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067958.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067959.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067976.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067977.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0067998.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP175\A0068011.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0068012.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0068017.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0068018.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0068998.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0069010.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0069015.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0069016.exe infected by "Trojan-Clicker.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0069030.exe infected by "Trojan-Dropper.Win32.Agent.nj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0069045.dll infected by "Trojan-PSW.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0069212.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B315DD6C-E9C9-4CC1-8D9F-67F87E6AC756}\RP176\A0069214.exe infected by "Trojan-Clicker.Win32.
hrdcover
Regular Member
 
Posts: 27
Joined: June 12th, 2005, 12:53 pm
Location: Anchorage
Top
Advertisement
Register to Remove
PreviousNext
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 443 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index