Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spyware infection! Please review my HJT logfile

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby MaKaVeLi » December 17th, 2005, 8:00 pm

Alright then.

Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA
Advertisement
Register to Remove

Panda

Unread postby arqa » December 17th, 2005, 10:18 pm

When I get to Scan now, I can't open the link...
it is happening with other programs as well...
I click it and nothing happens...there's always a word:
javascript, but even when I try open in new window,
I can't get it to work...

Any suggestions to overcome this?
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 17th, 2005, 10:50 pm

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?ac ... t&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [{00-0A-A0-0D-ZN}] C:\WINDOWS\SYSTEM\RRDSREGO.EXE DEFAULT
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM\spdevsaw.exe

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

New Report & HJT Log

Unread postby arqa » December 18th, 2005, 12:02 am

Hello MaKaVeLi,

Please review attached report & HJT log


Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\aslmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files



Logfile of HijackThis v1.99.1
Scan saved at 11:01:57 PM, on 12/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/

Thanks :)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 18th, 2005, 10:35 am

Delete the following files and folders (if present):

C:\Program Files\snss\
C:\WINDOWS\SYSTEM\RRDSREGO.EXE
C:\WINDOWS\SYSTEM\spdevsaw.exe

Now see if you can run a scan here:

http://www.kaspersky.com/virusscanner

If the scan creates a log, save it and post it into your next reply.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

New scan

Unread postby arqa » December 18th, 2005, 5:12 pm

Hello MaKaVeLi,
Here's the scan report

KASPERSKY ON-LINE SCANNER REPORT
Sunday, December 18, 2005 16:08:54
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/12/2005
Kaspersky Anti-Virus database records: 155898
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\

Scan Statistics:
Total number of scanned objects: 56598
Number of viruses found: 103
Number of infected objects: 379
Number of suspicious objects: 17
Duration of the scan process: 7012 sec

Infected Object Name - Virus Name
c:\WINDOWS\SYSTEM\wintask.exe Infected: Trojan-Downloader.Win32.Small.abd
c:\WINDOWS\SYSTEM\exp.exe Infected: Trojan-Downloader.Win32.Small.abd
c:\WINDOWS\SYSTEM\in10b6s.dll Infected: Trojan-Dropper.Win32.Small.nj
c:\WINDOWS\SYSTEM\AlwKR.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\thinInstOIT61MegaV2s.dll Infected: Trojan-Dropper.Win32.Small.abe
c:\WINDOWS\SYSTEM\Ahm9.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\SplWbr.dll Infected: Trojan-Downloader.Win32.Agent.dr
c:\WINDOWS\SYSTEM\SnuQDC65.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\Sgr88m14.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\Kwhu0Uz.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\DfsIq4.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\FigU2Q.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\Mbj4Eyx.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\Phed4.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\ZawM8.exe Infected: Trojan-Downloader.Win32.VB.em
c:\WINDOWS\SYSTEM\e2give.exe Infected: Trojan-Dropper.Win32.Agent.hl
c:\WINDOWS\SYSTEM\wuauclt.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
c:\WINDOWS\SYSTEM\sav2.exe Infected: Trojan-Downloader.Win32.Agent.vp
c:\WINDOWS\SYSTEM\SSK3_B5 Seedcorn 4.exe Infected: Trojan-Dropper.Win32.Small.qn
c:\WINDOWS\SYSTEM\GSM3-0511.exe/data0002 Infected: Trojan.Win32.Registrator.b
c:\WINDOWS\SYSTEM\GSM3-0511.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
c:\WINDOWS\SYSTEM\GSM3-0511.exe Infected: Trojan-Downloader.Win32.Small.ayh
c:\WINDOWS\SYSTEM\dist001.exe Infected: Trojan-Downloader.Win32.Agent.aaf
c:\WINDOWS\SYSTEM\pi1_71.exe Infected: Trojan-Downloader.Win32.Small.aal
c:\WINDOWS\SYSTEM\uci.exe Infected: Trojan-Dropper.Win32.Agent.hl
c:\WINDOWS\SYSTEM\CLEANexp.exe Infected: Trojan-Downloader.Win32.Small.abd
c:\WINDOWS\SYSTEM\blizex6.exe Infected: Trojan-Dropper.Win32.Agent.hl
c:\WINDOWS\SYSTEM\vgactl.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
c:\WINDOWS\SYSTEM\72_blizzard_4_0_3_7.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\WINDOWS\SYSTEM\72_blizzard_4_0_3_7.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\WINDOWS\SYSTEM\mmxdoubleexe.exe Infected: Trojan-Downloader.Win32.VB.jl
c:\WINDOWS\SYSTEM\fran-hot.exe Infected: Trojan-Dropper.Win32.Agent.abb
c:\WINDOWS\SYSTEM\SSK3.exe Infected: Trojan-Dropper.Win32.Small.qn
c:\WINDOWS\SYSTEM\~update.exe Infected: Packed.Win32.Klone.b
c:\WINDOWS\SYSTEM\kednld.sys Infected: Trojan-Downloader.Win32.Hanlo.e
c:\WINDOWS\SYSTEM\sywsvcs.exe Infected: Packed.Win32.Klone.b
c:\WINDOWS\SYSTEM\dcom_9.dll Infected: Backdoor.Win32.Agent.ov
c:\WINDOWS\SYSTEM\idemlog.exe Infected: Backdoor.Win32.Agent.rw
c:\WINDOWS\SYSTEM\hpaefgpn.exe Infected: Trojan-Proxy.Win32.Wopla.n
c:\WINDOWS\bundles\SSK_B5.EXE Infected: Trojan-Dropper.Win32.SurfSide.a
c:\WINDOWS\bundles\HelperInstaller.exe Infected: Trojan-Dropper.Win32.Delf.z
c:\WINDOWS\pwpuk.dat Infected: Trojan.Win32.Pakes
c:\WINDOWS\minigolf_affiliate.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.g
c:\WINDOWS\minigolf_affiliate.exe Infected: Trojan-Downloader.NSIS.Agent.g
c:\WINDOWS\adatiu.exe Infected: Trojan.Win32.Pakes
c:\WINDOWS\bdbamor.exe Infected: Trojan.Win32.Pakes
c:\WINDOWS\ilicoot.dll Infected: Trojan-Downloader.Win32.Qoologic.af
c:\WINDOWS\fkfmw.dll Infected: Trojan-Downloader.Win32.Qoologic.ak
c:\WINDOWS\pi1_25.exe Infected: Trojan-Downloader.Win32.Small.afq
c:\WINDOWS\mm83.ocx Infected: Trojan-Downloader.Win32.VB.ov
c:\WINDOWS\mrj.exe/mrjj.exe Infected: Trojan.Win32.LowZones.am
c:\WINDOWS\mrj.exe Infected: Trojan.Win32.LowZones.am
c:\WINDOWS\mrjj.exe Infected: Trojan.Win32.LowZones.am
c:\WINDOWS\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.hw
c:\WINDOWS\dvpd.dll Infected: Backdoor.Win32.Dumador.eo
c:\WINDOWS\inet20001\services.exe Infected: Trojan-Downloader.Win32.CWS.o
c:\WINDOWS\inet20066\socks.exe Infected: Trojan-Proxy.Win32.Small.cf
c:\WINDOWS\inet20066\mm.exe Infected: Trojan-Downloader.Win32.Delf.abu
c:\Recycled\Dc207.exe Infected: Trojan-Spy.Win32.VB.eh
c:\Recycled\Dc208.exe Infected: Trojan-Downloader.Win32.Tibs.s
c:\Recycled\Dc209.exe Infected: Trojan-Downloader.Win32.Small.bxc
c:\Recycled\Dc210.exe Infected: Trojan-Downloader.Win32.Tibs.p
c:\Recycled\Dc211.exe Infected: not-virus:Hoax.Win32.Renos.ac
c:\Recycled\Dc213.exe Infected: Trojan-Downloader.Win32.Small.bwm
c:\Recycled\Dc189.exe Infected: Trojan.Win32.Favadd.an
c:\Recycled\Dc192.exe Infected: Trojan.Win32.Small.gq
c:\Recycled\Dc193.exe Infected: Trojan-Downloader.Win32.Agent.uj
c:\Recycled\Dc194.exe Infected: Trojan-Downloader.Win32.Agent.uj
c:\Recycled\Dc124\Fcgmk.exe Infected: Trojan.Win32.Small.cy
c:\Recycled\Dc130.exe Infected: Trojan.Win32.Pakes
c:\Recycled\Dc225.txt Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc226.txt Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc229 Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc230 Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc232.exe Infected: Trojan.Win32.Dialer.ay
c:\_RESTORE\TEMP\A1695317.CPY Infected: Trojan-Spy.Win32.Goldun.ey
c:\_RESTORE\TEMP\A1695324.CPY Infected: Trojan-Spy.Win32.Goldun.ey
c:\_RESTORE\TEMP\A1696560.CPY Infected: Trojan.Win32.Qhost.da
c:\_RESTORE\TEMP\A1696618.CPY Infected: Trojan.Win32.Delf.pu
c:\_RESTORE\TEMP\A1696625.CPY Infected: Trojan.Win32.Delf.pu
c:\_RESTORE\TEMP\A1696634.CPY Infected: Trojan-Proxy.Win32.Delf.aa
c:\_RESTORE\TEMP\A1696643.CPY Infected: Trojan-Proxy.Win32.Delf.aa
c:\_RESTORE\ARCHIVE\FS8.CAB/A1696447.CPY Infected: Backdoor.Win32.Dumador.et
c:\_RESTORE\ARCHIVE\FS8.CAB Infected: Backdoor.Win32.Dumador.et
c:\Program Files\Common Files\InetGet\mc-110-12-0000122.exe Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Common Files\Windows\mc-110-12-0000122.exe Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Yazzle Sudoku\Sudoku.exe Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D1BB0000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E4C90000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C4AB0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50001.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D55F0000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50003.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0450000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50005.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E78B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50007.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0CC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B2A90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DF1D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2750000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\62CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\72050000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77890000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D7370000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51490000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\592D0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\64B90000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61910000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A84F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E7B0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B3F0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AB90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97910000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\94250000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E5F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\670B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61FF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\194B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\54430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A67F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\70210000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6FC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF10000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\67650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950001.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ABD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAED0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\53E50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4E790000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\45D50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\792D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77C50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\71710000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E690000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\361B0000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\34AF0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3D4D0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24710000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\58DD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\57F50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\44570000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\40EF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\60B50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0BE10000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7F950000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BEEB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8770000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E990000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6E70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B47B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9CF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\AF430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5D550000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ED90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\586D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4CE30000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4F6F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BE370000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8830001.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970001.VBN Infected: Trojan.Win32.ExitWin.z
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5330000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D4870000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F9110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\86AD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56A50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51590000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C490000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EC530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\288D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DDDD0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\18870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\12450000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4EEF0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48BB0000.VBN Infected: Trojan-Downloader.Win32.VB.hj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EFA50000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A5D0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2930000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD1F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9010000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\940D0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99F10000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9350000.VBN Infected: Trojan-Downloader.Win32.Agent.tv
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B3650000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\829F0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B68B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B51F0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0AFF0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E75B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C9830000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BDBF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A7E10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B04F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DED50000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9CCD0000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01010000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\39070000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\17D50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AE90000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6970000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\ADB70000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2FEF0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\04470000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\740B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\36E10001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1C50000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F3490000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\75A50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\07B90000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\05350000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\13190000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10950000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\02410000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDD0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\158D0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2F90001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF4D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\55CB0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97250000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9A8D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\98F10001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010002.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750003.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\91C10002.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FB4B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2CC50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2EE90001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B110000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92830000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\419F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A62F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\314F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6D10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6B270000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\644F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF330000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8B2F0000.VBN Infected: Trojan-Downloader.Win32.Small.bkr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\87D70000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90EF0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D20D0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\25C30000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1EEB0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\27570000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\207F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\30870000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90C10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8E2D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F4E50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9090000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E38D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD750000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E7E50000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5B10000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9BAD0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C96B0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\460B0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\16A30000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70001.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\927F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74530000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\76070000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73AF0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\841F0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\836B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D2430000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CE8B0000.VBN Infected: Trojan-Proxy.Win32.Wopla.n
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CB930000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3CFB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3AD70000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\38830000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\072F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70001.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7C8B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\791F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\717B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43DD0000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DC4D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BF10000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430000.VBN Infected: Trojan-Dropper.Win32.Agent.abu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0000.VBN Infected: Trojan-Dropper.Win32.Small.aih
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\21EF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23130000.VBN Infected: Trojan-Dropper.Win32.Agent.ri
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E870000.VBN Infected: Trojan-Downloader.Win32.Small.asa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\280B0000.VBN Infected: Trojan.Win32.Inject.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2BBF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430001.VBN Infected: Trojan.Win32.Spabot.t
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70001.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73690000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\06FB0000.VBN Infected: Trojan-Spy.Win32.Goldun.ey
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E0AF0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0001.VBN Infected: Trojan.Win32.Delf.pu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3F6F0000.VBN Infected: Trojan-Proxy.Win32.Delf.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\APTemp\AP0.dll Infected: Trojan-Spy.Win32.Idly.c
c:\Program Files\ICONS\mouse2.exe/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\mouse2.exe/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\mouse2.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\movies2.exe/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\movies2.exe/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\movies2.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\MouseStick\mouse.exe/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\MouseStick\mouse.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Movies\movies.exe/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Movies\movies.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Aprps\ace.dll Infected: Trojan.Win32.Crypt.t
c:\Program Files\Aprps\CxtPls.dll Infected: Trojan-Downloader.Win32.Apropo.ag
c:\Program Files\Aprps\CxtPls.exe Infected: Trojan-Downloader.Win32.Apropo.ag
c:\Program Files\Aprps\ProxyStub.dll Infected: Trojan.Win32.Crypt.t
c:\Program Files\Aprps\libexpat.dll Infected: Trojan.Win32.Crypt.t
c:\Program Files\Aprps\WinGenerics.dll Infected: Trojan.Win32.Crypt.t
c:\Program Files\Aprps\uninstaller.exe Infected: Trojan.Win32.Crypt.t
c:\Program Files\Aprps\atl.dll Infected: Trojan.Win32.Crypt.t
c:\Program Files\Aprps\plg0\cxtpls.dll Infected: Trojan-Downloader.Win32.Apropo.ag
c:\Program Files\Aprps\pstub0\proxystub.dll Infected: Trojan.Win32.Crypt.t
c:\updaterInstall_112.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\updaterInstall_112.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval
c:\updaterInstall_112.exe/data0005 Infected: Trojan-Downloader.Win32.Keenval
c:\updaterInstall_112.exe Infected: Trojan-Downloader.Win32.Keenval
c:\Overpro-347.exe/data0010 Infected: Trojan.Win32.KillApp.f
c:\Overpro-347.exe/data0012 Infected: Trojan.Win32.VB.od
c:\Overpro-347.exe Infected: Trojan.Win32.VB.od
c:\TVM_B5B10.EXE Infected: Trojan-Dropper.Win32.Small.ht
c:\NULL Infected: Trojan-Downloader.Win32.QDown.m
c:\all_icons.exe/data0002/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\all_icons.exe/data0002/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\all_icons.exe/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\all_icons.exe/data0004/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\all_icons.exe/data0004/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\all_icons.exe/data0004 Infected: Trojan-Clicker.Win32.Instas.a
c:\all_icons.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\temporary\install201.exe Infected: Trojan.Win32.SecondThought.an
c:\winstall.exe Infected: not-virus:Hoax.Win32.Renos.ac
c:\lo830522516.exe Infected: Trojan-Downloader.Win32.Tibs.ai
c:\HJT\backups\backup-20051208-002053-389.dll Infected: Trojan.Win32.Dialer.fu
c:\HJT\backups\backup-20051208-002053-384.dll Infected: Trojan-Downloader.Win32.IstBar.gen
c:\HJT\backups\backup-20051208-210323-298-nrna.exe Infected: Trojan.Win32.Pakes
c:\!KillBox\MSUPDATE32.DLL Infected: Trojan-Proxy.Win32.Delf.al

Scan process completed.

Please tell me what to do next. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 18th, 2005, 9:43 pm

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

QUESTION

Unread postby arqa » December 18th, 2005, 11:03 pm

Hello MaKaVeLi,

I downloaded aproposfix and rebooted in Safe mode,
but when running Runthis.bat there was a warning
saying that to run ms-dos files in Safe mode risks
harming the video display or other files...
Should I run it in Normal mode?

Thanks.
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 19th, 2005, 4:20 pm

This fix has been done before and it works and doesn't damage anything. So yes, run the fix in safe mode.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Aproposfix

Unread postby arqa » December 20th, 2005, 10:13 am

Hello MaKaVeLi,

Couldn't run Aproposfix, it is a missmached version...
for Windows 2000 & XP.

So, what should I do next?

Please advise, thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 21st, 2005, 12:29 am

Download the following file and unzip it.

http://www.greatis.com/unhackme.zip

Install it and run it. If it creates a log post it into your next reply.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

unhackme

Unread postby arqa » December 21st, 2005, 11:59 pm

Hello MaKaVeLi,

Couldn't run Unhackme, it needs Windows 2000 or higher...

I used AdAware & SpybotS&D before this new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 10:55:51 PM, on 12/21/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\UNHACKME\HACKMON.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab

Please let me know what to do now. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 23rd, 2005, 4:30 pm

Hi arqa,

Sorry for the late reply.

At this point your best option is to format the computer. You've been infected with trojans, a keylogger, and a rootkit. Who knows what else is on there? If you want I can post instructions for formatting your computer.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Unread postby arqa » December 23rd, 2005, 4:46 pm

Hello MaKaVeLi,

I wonder if before such a drastic step we could use any other
software that runs with Windows ME... similar to the ones that
work with 2000 and XP.

Otherwise, please let me know how to re-format my PC, and I'll
see if I feel confident enough to proceed to do it :(

Thank you & happy holidays!
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 23rd, 2005, 11:15 pm

Download Kilbox.

Open killbox.exe.

Click on Tools>Delete Temp Files

A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files
Temp Files
XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

Then,

Check on the Button titled "Delete Selected Temp Files"

Exit by clicking the Button titled "Exit (Save Settings)"

Once back into the main killbox program.

Check the following boxes:

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.

c:\WINDOWS\SYSTEM\wintask.exe
c:\WINDOWS\SYSTEM\exp.exe
c:\WINDOWS\SYSTEM\in10b6s.dll
c:\WINDOWS\SYSTEM\AlwKR.exe
c:\WINDOWS\SYSTEM\thinInstOIT61MegaV2s.dll
c:\WINDOWS\SYSTEM\Ahm9.exe
c:\WINDOWS\SYSTEM\SplWbr.dll
c:\WINDOWS\SYSTEM\SnuQDC65.exe
c:\WINDOWS\SYSTEM\Sgr88m14.exe
c:\WINDOWS\SYSTEM\Kwhu0Uz.exe
c:\WINDOWS\SYSTEM\DfsIq4.exe
c:\WINDOWS\SYSTEM\FigU2Q.exe
c:\WINDOWS\SYSTEM\Mbj4Eyx.exe
c:\WINDOWS\SYSTEM\Phed4.exe
c:\WINDOWS\SYSTEM\ZawM8.exe
c:\WINDOWS\SYSTEM\e2give.exe
c:\WINDOWS\SYSTEM\wuauclt.dll
c:\WINDOWS\SYSTEM\sav2.exe
c:\WINDOWS\SYSTEM\SSK3_B5 Seedcorn 4.exe
c:\WINDOWS\SYSTEM\GSM3-0511.exe
c:\WINDOWS\SYSTEM\dist001.exe
c:\WINDOWS\SYSTEM\pi1_71.exe
c:\WINDOWS\SYSTEM\uci.exe
c:\WINDOWS\SYSTEM\CLEANexp.exe
c:\WINDOWS\SYSTEM\blizex6.exe
c:\WINDOWS\SYSTEM\vgactl.cpl
c:\WINDOWS\SYSTEM\72_blizzard_4_0_3_7.exe
c:\WINDOWS\SYSTEM\mmxdoubleexe.exe
c:\WINDOWS\SYSTEM\fran-hot.exe
c:\WINDOWS\SYSTEM\SSK3.exe
c:\WINDOWS\SYSTEM\~update.exe
c:\WINDOWS\SYSTEM\kednld.sys
c:\WINDOWS\SYSTEM\sywsvcs.exe
c:\WINDOWS\SYSTEM\dcom_9.dll
c:\WINDOWS\SYSTEM\idemlog.exe
c:\WINDOWS\SYSTEM\hpaefgpn.exe
c:\WINDOWS\pwpuk.dat
c:\WINDOWS\minigolf_affiliate.exe
c:\WINDOWS\adatiu.exe
c:\WINDOWS\bdbamor.exe
c:\WINDOWS\ilicoot.dll
c:\WINDOWS\fkfmw.dll
c:\WINDOWS\pi1_25.exe
c:\WINDOWS\mm83.ocx
c:\WINDOWS\mrj.exe
c:\WINDOWS\mrjj.exe
c:\WINDOWS\optimize.exe
c:\WINDOWS\offun.exe
c:\WINDOWS\dvpd.dll
c:\updaterInstall_112.exe
c:\Overpro-347.exe
c:\TVM_B5B10.EXE
c:\NULL
c:\all_icons.exe
c:\temporary\install201.exe
c:\winstall.exe
c:\lo830522516.exe


Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.

Click the "All Files" button.

Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask to Reboot now? you will need to click Yes to allow the reboot.

If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Note: Killbox will let you know if a file does not exist. If that happens, just continue on.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware