Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spyware infection! Please review my HJT logfile

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

New HJT Log

Unread postby arqa » December 24th, 2005, 3:14 pm

Hello MaKaVeLi,

I run killbox.
Here's a new HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 2:01:11 PM, on 12/24/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\HJT\HIJACKTHIS.EXE

Please let me know what's next. Thanks :)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am
Advertisement
Register to Remove

Unread postby MaKaVeLi » December 25th, 2005, 11:16 pm

Run another scan from here and post the log.

http://www.kaspersky.com/virusscanner
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

KASPERSKY ON-LINE SCANNER REPORT

Unread postby arqa » December 26th, 2005, 1:33 pm

Hello MaKaVeLi

I scanned the Critical Areas:

KASPERSKY ON-LINE SCANNER REPORT
Monday, December 26, 2005 12:24:05
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/12/2005
Kaspersky Anti-Virus database records: 157392
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\WINDOWS\TEMP\

Scan Statistics:
Total number of scanned objects: 10397
Number of viruses found: 10
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 1804 sec

Infected Object Name - Virus Name
C:\WINDOWS\SYSTEM\dist001.exe Infected: Trojan-Downloader.Win32.Agent.aaf
C:\WINDOWS\SYSTEM\GS_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\WINDOWS\SYSTEM\GS_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\WINDOWS\SYSTEM\GS_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\WINDOWS\bundles\SSK_B5.EXE Infected: Trojan-Dropper.Win32.SurfSide.a
C:\WINDOWS\bundles\HelperInstaller.exe Infected: Trojan-Dropper.Win32.Delf.z
C:\WINDOWS\wsem303.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.hw
C:\WINDOWS\nem220.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\WINDOWS\inet20001\services.exe Infected: Trojan-Downloader.Win32.CWS.o
C:\WINDOWS\inet20066\socks.exe Infected: Trojan-Proxy.Win32.Small.cf
C:\WINDOWS\inet20066\mm.exe Infected: Trojan-Downloader.Win32.Delf.abu

Scan process completed.

and just in case, here's a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:29:50 PM, on 12/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab


Please advise, thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 26th, 2005, 3:13 pm

Start your computer in Safe Mode and delete the following files and folders:

C:\WINDOWS\SYSTEM\dist001.exe
C:\WINDOWS\SYSTEM\GS_SilentSudokuInstaller.exe
C:\WINDOWS\bundles\
C:\WINDOWS\wsem303.dll
C:\WINDOWS\offun.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\inet20001\
C:\WINDOWS\inet20066\
c:\temporary\
c:\Program Files\Aprps\
c:\Program Files\Movies\
c:\Program Files\MouseStick\
c:\Program Files\ICONS\
c:\Program Files\Yazzle Sudoku\
c:\Program Files\Common Files\Windows\
c:\Program Files\Common Files\InetGet\

Now empty your Recycle Bin and reboot in normal mode and post a new HijackThis log.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Unread postby arqa » December 26th, 2005, 5:45 pm

Hello MaKaVeLi,

While waiting for your last response, I run a full Kaspersky scan

KASPERSKY ON-LINE SCANNER REPORT
Monday, December 26, 2005 15:48:17
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/12/2005
Kaspersky Anti-Virus database records: 157436
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\

Scan Statistics:
Total number of scanned objects: 50988
Number of viruses found: 106
Number of infected objects: 409
Number of suspicious objects: 18
Duration of the scan process: 6546 sec

Infected Object Name - Virus Name
c:\WINDOWS\SYSTEM\dist001.exe Infected: Trojan-Downloader.Win32.Agent.aaf
c:\WINDOWS\SYSTEM\GS_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
c:\WINDOWS\SYSTEM\GS_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
c:\WINDOWS\SYSTEM\GS_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
c:\WINDOWS\bundles\SSK_B5.EXE Infected: Trojan-Dropper.Win32.SurfSide.a
c:\WINDOWS\bundles\HelperInstaller.exe Infected: Trojan-Dropper.Win32.Delf.z
c:\WINDOWS\wsem303.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt
c:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.hw
c:\WINDOWS\nem220.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
c:\WINDOWS\inet20001\services.exe Infected: Trojan-Downloader.Win32.CWS.o
c:\WINDOWS\inet20066\socks.exe Infected: Trojan-Proxy.Win32.Small.cf
c:\WINDOWS\inet20066\mm.exe Infected: Trojan-Downloader.Win32.Delf.abu
c:\Recycled\Dc207.exe Infected: Trojan-Spy.Win32.VB.eh
c:\Recycled\Dc208.exe Infected: Trojan-Downloader.Win32.Tibs.s
c:\Recycled\Dc209.exe Infected: Trojan-Downloader.Win32.Small.bxc
c:\Recycled\Dc210.exe Infected: Trojan-Downloader.Win32.Tibs.p
c:\Recycled\Dc211.exe Infected: not-virus:Hoax.Win32.Renos.ac
c:\Recycled\Dc213.exe Infected: Trojan-Downloader.Win32.Small.bwm
c:\Recycled\Dc189.exe Infected: Trojan.Win32.Favadd.an
c:\Recycled\Dc192.exe Infected: Trojan.Win32.Small.gq
c:\Recycled\Dc193.exe Infected: Trojan-Downloader.Win32.Agent.uj
c:\Recycled\Dc194.exe Infected: Trojan-Downloader.Win32.Agent.uj
c:\Recycled\Dc124\Fcgmk.exe Infected: Trojan.Win32.Small.cy
c:\Recycled\Dc204.exe Infected: Trojan-Downloader.Win32.Pacer.j
c:\Recycled\Dc130.exe Infected: Trojan.Win32.Pakes
c:\Recycled\Dc225.txt Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc226.txt Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc229 Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc230 Suspicious: Exploit.HTML.Mht
c:\Recycled\Dc232.exe Infected: Trojan.Win32.Dialer.ay
c:\Recycled\Dc246\uninstaller.exe Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698918.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698919.CPY Infected: Trojan-Downloader.Win32.Apropo.ag
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698920.CPY Infected: Trojan-Downloader.Win32.Apropo.ag
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698921.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698922.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698923.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698926.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698927.CPY Infected: Trojan-Downloader.Win32.Apropo.ag
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698928.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS6.CAB/A1698991.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS6.CAB Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700763.CPY Infected: Trojan-Downloader.Win32.Dyfuca.dp
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700766.CPY Infected: Trojan-Downloader.Win32.Dyfuca.dp
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700779.CPY Infected: Trojan-Downloader.Win32.Dyfuca.de
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700781.CPY Infected: Trojan-Downloader.Win32.Dyfuca.de
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700782.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS16.CAB Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790071.CPY Infected: Trojan-Downloader.Win32.Agent.vp
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790072.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790073.CPY/data0002 Infected: Trojan.Win32.Registrator.b
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790073.CPY/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790073.CPY Infected: Trojan-Downloader.Win32.Small.ayh
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790074.CPY Infected: Trojan-Downloader.Win32.Small.aal
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790075.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790076.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790077.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790078.CPY Infected: Trojan-Downloader.Win32.Qoologic.ad
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790079.CPY/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790079.CPY Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790080.CPY Infected: Trojan-Downloader.Win32.VB.jl
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790081.CPY Infected: Trojan-Dropper.Win32.Agent.abb
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790082.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790083.CPY Infected: Packed.Win32.Klone.b
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790084.CPY Infected: Trojan-Downloader.Win32.Hanlo.e
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790085.CPY Infected: Packed.Win32.Klone.b
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790086.CPY Infected: Backdoor.Win32.Agent.ov
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790087.CPY Infected: Backdoor.Win32.Agent.rw
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790088.CPY Infected: Trojan-Proxy.Win32.Wopla.n
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790090.CPY/data0001 Infected: Trojan-Downloader.NSIS.Agent.g
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790090.CPY Infected: Trojan-Downloader.NSIS.Agent.g
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790091.CPY Infected: Trojan.Win32.Pakes
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790092.CPY Infected: Trojan.Win32.Pakes
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790093.CPY Infected: Trojan-Downloader.Win32.Qoologic.af
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790094.CPY Infected: Trojan-Downloader.Win32.Qoologic.ak
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790095.CPY Infected: Trojan-Downloader.Win32.Small.afq
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790096.CPY Infected: Trojan-Downloader.Win32.VB.ov
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790097.CPY/mrjj.exe Infected: Trojan.Win32.LowZones.am
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790097.CPY Infected: Trojan.Win32.LowZones.am
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790098.CPY Infected: Trojan.Win32.LowZones.am
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790099.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790100.CPY Infected: Backdoor.Win32.Dumador.eo
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY/data0004 Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY/data0005 Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790102.CPY/data0010 Infected: Trojan.Win32.KillApp.f
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790102.CPY/data0012 Infected: Trojan.Win32.VB.od
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790102.CPY Infected: Trojan.Win32.VB.od
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790103.CPY Infected: Trojan-Dropper.Win32.Small.ht
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0002/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0002/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0004/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0004/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0004 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790106.CPY Infected: Trojan.Win32.SecondThought.an
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790107.CPY Infected: not-virus:Hoax.Win32.Renos.ac
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790108.CPY Infected: Trojan-Downloader.Win32.Tibs.ai
c:\_RESTORE\ARCHIVE\FS14.CAB Infected: Trojan-Downloader.Win32.Tibs.ai
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699611.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699613.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699615.CPY Infected: Trojan-Dropper.Win32.Small.nj
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699617.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699619.CPY Infected: Trojan-Dropper.Win32.Small.abe
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699621.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699623.CPY Infected: Trojan-Downloader.Win32.Agent.dr
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699625.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699627.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699629.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699631.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699633.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699635.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699637.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699639.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699641.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699643.CPY Infected: Trojan-Downloader.Win32.Qoologic.ae
c:\_RESTORE\ARCHIVE\FS13.CAB Infected: Trojan-Downloader.Win32.Qoologic.ae
c:\Program Files\Common Files\InetGet\mc-110-12-0000122.exe Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Common Files\Windows\mc-110-12-0000122.exe Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Windows Media Player\wmplayer.exe Infected: Trojan-Downloader.Win32.Pacer.e
c:\Program Files\Yazzle Sudoku\Sudoku.exe Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D1BB0000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E4C90000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C4AB0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50001.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D55F0000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50003.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0450000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50005.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E78B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50007.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0CC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B2A90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DF1D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2750000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\62CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\72050000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77890000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D7370000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51490000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\592D0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\64B90000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61910000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A84F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E7B0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B3F0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AB90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97910000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\94250000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E5F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\670B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61FF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\194B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\54430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A67F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\70210000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6FC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF10000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\67650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950001.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ABD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAED0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\53E50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4E790000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\45D50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\792D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77C50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\71710000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E690000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\361B0000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\34AF0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3D4D0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24710000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\58DD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\57F50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\44570000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\40EF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\60B50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0BE10000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7F950000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BEEB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8770000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E990000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6E70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B47B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9CF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\AF430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5D550000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ED90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\586D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4CE30000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4F6F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BE370000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8830001.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970001.VBN Infected: Trojan.Win32.ExitWin.z
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5330000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D4870000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F9110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\86AD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56A50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51590000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C490000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EC530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\288D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DDDD0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\18870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\12450000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4EEF0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48BB0000.VBN Infected: Trojan-Downloader.Win32.VB.hj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EFA50000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A5D0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2930000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD1F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9010000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\940D0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99F10000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9350000.VBN Infected: Trojan-Downloader.Win32.Agent.tv
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B3650000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\829F0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B68B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B51F0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0AFF0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E75B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C9830000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BDBF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A7E10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B04F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DED50000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9CCD0000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01010000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\39070000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\17D50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AE90000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6970000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\ADB70000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2FEF0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\04470000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\740B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\36E10001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1C50000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F3490000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\75A50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\07B90000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\05350000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\13190000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10950000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\02410000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDD0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\158D0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2F90001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF4D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\55CB0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97250000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9A8D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\98F10001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010002.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750003.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\91C10002.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FB4B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2CC50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2EE90001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B110000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92830000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\419F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A62F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\314F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6D10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6B270000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\644F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF330000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8B2F0000.VBN Infected: Trojan-Downloader.Win32.Small.bkr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\87D70000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90EF0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D20D0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\25C30000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1EEB0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\27570000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\207F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\30870000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90C10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8E2D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F4E50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9090000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E38D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD750000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E7E50000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5B10000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9BAD0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C96B0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\460B0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\16A30000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70001.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\927F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74530000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\76070000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73AF0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\841F0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\836B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D2430000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CE8B0000.VBN Infected: Trojan-Proxy.Win32.Wopla.n
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CB930000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3CFB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3AD70000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\38830000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\072F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70001.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7C8B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\791F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\717B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43DD0000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DC4D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BF10000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430000.VBN Infected: Trojan-Dropper.Win32.Agent.abu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0000.VBN Infected: Trojan-Dropper.Win32.Small.aih
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\21EF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23130000.VBN Infected: Trojan-Dropper.Win32.Agent.ri
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E870000.VBN Infected: Trojan-Downloader.Win32.Small.asa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\280B0000.VBN Infected: Trojan.Win32.Inject.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2BBF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430001.VBN Infected: Trojan.Win32.Spabot.t
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70001.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73690000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\06FB0000.VBN Infected: Trojan-Spy.Win32.Goldun.ey
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E0AF0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0001.VBN Infected: Trojan.Win32.Delf.pu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3F6F0000.VBN Infected: Trojan-Proxy.Win32.Delf.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\37B30000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E170000.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E170001.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2CAB0001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\313F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DB8F0000.VBN Infected: Trojan.Win32.Delf.pu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\APTemp\AP0.dll Infected: Trojan-Spy.Win32.Idly.c
c:\Program Files\ICONS\mouse2.exe/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\mouse2.exe/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\mouse2.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\movies2.exe/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\movies2.exe/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\ICONS\movies2.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\MouseStick\mouse.exe/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\MouseStick\mouse.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Movies\movies.exe/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Movies\movies.exe Infected: Trojan-Clicker.Win32.Instas.a
c:\HJT\backups\backup-20051208-002053-389.dll Infected: Trojan.Win32.Dialer.fu
c:\HJT\backups\backup-20051208-002053-384.dll Infected: Trojan-Downloader.Win32.IstBar.gen
c:\HJT\backups\backup-20051208-210323-298-nrna.exe Infected: Trojan.Win32.Pakes
c:\!KillBox\MSUPDATE32.DLL Infected: Trojan-Proxy.Win32.Delf.al
c:\!KillBox\wintask.exe Infected: Trojan-Downloader.Win32.Small.abd
c:\!KillBox\exp.exe Infected: Trojan-Downloader.Win32.Small.abd
c:\!KillBox\in10b6s.dll Infected: Trojan-Dropper.Win32.Small.nj
c:\!KillBox\AlwKR.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\thinInstOIT61MegaV2s.dll Infected: Trojan-Dropper.Win32.Small.abe
c:\!KillBox\Ahm9.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\SplWbr.dll Infected: Trojan-Downloader.Win32.Agent.dr
c:\!KillBox\SnuQDC65.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Sgr88m14.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Kwhu0Uz.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\DfsIq4.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\FigU2Q.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Mbj4Eyx.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Phed4.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\ZawM8.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\e2give.exe Infected: Trojan-Dropper.Win32.Agent.hl
c:\!KillBox\wuauclt.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
c:\!KillBox\sav2.exe Infected: Trojan-Downloader.Win32.Agent.vp

Scan process completed.

When I read your post I deleted the files & emptied the Recycle bin

Here's the new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 4:40:59 PM, on 12/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab

Please let me know what's next. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 26th, 2005, 11:36 pm

Please go to the following site and upload the following file:

Site: http://virusscan.jotti.org/

File: c:\Program Files\Windows Media Player\wmplayer.exe

Put that into the top box and hit Submit. Wait for it scan then copy the results and paste it into your next reply.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Jotti's malware scan

Unread postby arqa » December 27th, 2005, 8:19 pm

Hello MaKaVeLi,

Here are the results:

File to upload & scan:
Service
Service load: 0% 100%

File: wmplayer.exe_
Status: INFECTED/MALWARE
MD5 33683b6c3ba7e258adeeab606e40394a
Packers detected: UPX
Scanner results
AntiVir Found nothing
ArcaVir Found Adware.Pacer.E
Avast Found nothing
AVG Antivirus Found Generic.GND
BitDefender Found Trojan.Downloader.BYN
ClamAV Found nothing
Dr.Web Found Adware.PaciMedia
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Pacer.e
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found W32/Pacer.E
UNA Found Adware.Pacer
VBA32 Found AdWare.Pacer.e

Please let me know what's next. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 28th, 2005, 10:45 am

Hi arqa,

Go to the following folder and tell me if you find any of the following files:

C:\Program Files\Windows Media Player\

wmplayer.exe.bak
wmplayer.bak
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Unread postby arqa » December 28th, 2005, 11:30 pm

Hello MaKaVeLi,

Didn't find any of those files.

Please tell me what's next.

Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 28th, 2005, 11:44 pm

Hi arqa,

Which version of WMP do you have?
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Unread postby arqa » December 29th, 2005, 12:41 am

Hello MaKaVeLi,

How do I check that?
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby arqa » December 29th, 2005, 11:54 pm

While I wait for your reply, I wonder what else to do...
Here's a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:07 PM, on 12/29/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab

Please advice. Thanks again :)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 30th, 2005, 3:09 pm

We'll start by running some fixes that should have been run before:

You have a Peper infection, please click here to download the PeperFix tool, save it to your desktop, doubleclick on it, click 'Find and Fix' and reboot if prompted.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Unread postby arqa » December 30th, 2005, 10:48 pm

Hello MaKaVeLi,

I run Find & Fix: "No peper files were detected"

Please let me know what to do next.

Thanks &

Happy New Year !!!
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Unread postby MaKaVeLi » December 31st, 2005, 11:57 am

Hi arqa,

1. Copy C:\Program Files\Windows Media Player\wmplayer.exe to the desktop.

2. Scan the desktop folder with eTrust Web Scanner.

3. When done, make sure the box is checked for wmplayer.exe and click cure.
User avatar
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 339 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware