Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I hate popups. Help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby SNOWHITE » July 15th, 2007, 11:36 am

Hello ross_rachel4life,

ross_rachel4life wrote:Posting reports soon, I have not had access to a computer for a week.


Thanks for letting me know :)


Best regards,
User avatar
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm
Advertisement
Register to Remove

Unread postby ross_rachel4life » July 20th, 2007, 1:24 pm

There is no "shield" in the right hand corner of my screen. Should I skip this step for now and continue with the directions?
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby SNOWHITE » July 20th, 2007, 1:34 pm

ross_rachel4life wrote:There is no "shield" in the right hand corner of my screen. Should I skip this step for now and continue with the directions?


Norton is enabled and running right?

You can skip the instructions for cleaning Norton quarantined files, those files cant do any harm to the computer.
User avatar
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby ross_rachel4life » July 20th, 2007, 3:34 pm

In the right hand corner of the screen there is that yellow circle for Norton with a red x - if I hilight that it says "Norton AntiVirus Auto-Protect Disabled"
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby SNOWHITE » July 20th, 2007, 3:51 pm

ross_rachel4life wrote:In the right hand corner of the screen there is that yellow circle for Norton with a red x - if I hilight that it says "Norton AntiVirus Auto-Protect Disabled"


OK, you had two antivirus programs on the computer Norton and McAfee. I asked you that you uninstall or disable one of them in my previous instructions. Have you decided which one to keep? If Norton is disabled, is McAfee enabled and running?

It is important that you have one antivirus running and scanning in background, so the computer can be safe, otherwise it will get reinfected..
User avatar
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby ross_rachel4life » July 20th, 2007, 7:25 pm

SNOWHITE wrote:
ross_rachel4life wrote:In the right hand corner of the screen there is that yellow circle for Norton with a red x - if I hilight that it says "Norton AntiVirus Auto-Protect Disabled"


OK, you had two antivirus programs on the computer Norton and McAfee. I asked you that you uninstall or disable one of them in my previous instructions. Have you decided which one to keep? If Norton is disabled, is McAfee enabled and running?

It is important that you have one antivirus running and scanning in background, so the computer can be safe, otherwise it will get reinfected..


While Norton is disabled, I assume McAfee is running. I didn't set up this computer, so is there any way to make sure that that's the program running?
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby SNOWHITE » July 26th, 2007, 6:03 pm

Hello ross_rachel4life,

Sorry for the delay, due to some personal problems i was not able to reply to you earlier.

You can check if McAfee is running, from settings tab in your McAfee program.
Ask the person which was setting up the antivirus programs, which one is outdated or you haven't payed for it and uninstall that one.

Please follow the instructions about running scan with Kaspersky online scanner and post the report back here together with new HijackThis log. Also let me know how is the computer running.
User avatar
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby ross_rachel4life » July 29th, 2007, 8:18 pm

That's alright :)

With your last directions, you said to clean the cache, temp files, etc. I didn't do that yet because you said to follow directions starting from the Kaspersky scan, and that was the last thing I had to do.

Also, once we get the computer clean, will I be able to delete some of the programs I downloaded along the way?

My computer seems to be running smoothly. Although before all of this happened, sometimes when I would go to websites in IE the window would just freeze for a few seconds. The hourglass would show up and the window would say "not responding" It goes away but it's very annoying when I am on websites. Any info on this problem?

OTMoveIt scan results

C:\Documents and Settings\Christina\Application Data\ntos.exe moved successfully.

Created on 07/20/2007 13:20:07

Kaspersky scan
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 29, 2007 8:15:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/07/2007
Kaspersky Anti-Virus database records: 369413
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 102600
Number of viruses found: 32
Number of infected objects: 194
Number of suspicious objects: 0
Duration of the scan process: 01:46:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9797cc75d505991df8f23c20def034b4_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb2f04e68ab348f06fc2f5c38dc43a21_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Christina\Application Data\Aim\kfvpwvul\byxtheway\cert8.db Object is locked skipped
C:\Documents and Settings\Christina\Application Data\Aim\kfvpwvul\byxtheway\key3.db Object is locked skipped
C:\Documents and Settings\Christina\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\History\History.IE5\MSHist012007072920070730\index.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Temporary Internet Files\Content.IE5\UYFWVZ45\people[1].htm Object is locked skipped
C:\Documents and Settings\Christina\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Christina\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Donna\Local Settings\Temp\hsperfdata_Donna\7024 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Richard\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Richard\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Richard\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Richard\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Richard\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Richard\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Richard\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\0FTCM56G\movie[1].qtl Infected: Exploit.Multi.Qtp.b skipped
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\Z01TUDJO\24.8.228[1].htm Infected: Trojan-Downloader.JS.Agent.kd skipped
C:\Documents and Settings\Richard\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Richard\ntuser.dat.LOG Object is locked skipped
C:\HJT\backups\backup-20070704-133141-551.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\074D5471.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079945D8.exe/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\079945D8.exe NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079945D8.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A343CD.ocx Infected: Trojan-Downloader.Win32.Agent.ex skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A343CD.tmp Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A66DC9.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Relevance.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe/stream Infected: not-a-virus:AdWare.Win32.Relevance.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe NSIS: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07BA69B4.tmp Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.TotalVelocity.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB Infected: not-a-virus:AdWare.Win32.TotalVelocity.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp CAB: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\186D4A5E.tmp Infected: Trojan-Dropper.Java.Cliper.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE WiseSFX: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe WiseSFX: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\45275F8C.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\45275F8C.zip ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\45275F8C.zip CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe CAB: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\561062D5.tmp Infected: Trojan-Dropper.Java.Cliper.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp CAB: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe NSIS: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE WiseSFX: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AB31F9.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AB31F9.zip ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AB31F9.zip CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip CryptFF: infected - 2 skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp11.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp18.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp25.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp886.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp88F.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp943.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp95C.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp970.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp976.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp981.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp98B.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\gebaya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\hgdebx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\ljggff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\ljghgf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\nnkhih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\nnkige.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\xxxvvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\catchme2007-07-04_134532.48.zip/CICnt5.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
C:\QooBox\Quarantine\catchme2007-07-04_134532.48.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1314\A0954843.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1314\A0954844.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1314\A0954845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955843.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955844.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958843.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958844.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959895.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959899.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959904.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959910.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959916.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959935.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959939.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959943.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0961941.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0961945.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0961950.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963959.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963961.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963967.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963969.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963973.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963975.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963980.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0964093.dll Infected: Backdoor.Win32.ShBot.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0964094.exe Infected: Backdoor.Win32.ShBot.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0964095.exe Infected: Trojan-Downloader.Win32.Lookme.g skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1343\A0967828.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1343\A0967829.SYS Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1343\A0967830.SYS Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1344\A0968896.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1344\A0968898.SYS Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1344\A0968901.SYS Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1344\A0969896.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1344\A0969897.SYS Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1344\A0969898.SYS Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1344\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DLLCACHE\TCPIP.SYS Infected: Trojan.Win32.Patched.ad skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Christina\Application Data\ntos.exe Infected: Trojan-Spy.Win32.Bancos.aam skipped

Scan process completed.
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby ross_rachel4life » July 29th, 2007, 8:18 pm

HijackThis scan

Logfile of HijackThis v1.99.1
Scan saved at 8:16:58 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
c:\program files\common files\aol\1139965892\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139965892\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.easports.com/downloads/games ... /ieell.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID98.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zy ... player.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/diner ... 0.0.72.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby SNOWHITE » July 30th, 2007, 9:55 pm

Hello,

With your last directions, you said to clean the cache, temp files, etc.

You can follow my instructions for cleaning cache and temp files, also clean Norton's quarantine folder.

Double click OTMoveIt once again and you should see a CleanUp! button, press that button, you may get prompt by your firewall that OTMoveIt tries to contact internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.

Run new online Kaspersky scan and post the results back.

How is the computer running?


Regards,
User avatar
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby NonSuch » August 8th, 2007, 2:33 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby Nellie2 » August 10th, 2007, 5:06 pm

Log re-opened at the request of ross_rachel4life
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Unread postby SNOWHITE » August 11th, 2007, 6:53 pm

ross_rachel4life?

How is the computer running, could you post me new Kaspersky scan report?

Regards,
User avatar
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby NonSuch » August 18th, 2007, 4:24 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 312 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware