Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Spyware infection! Please review my HJT logfile

Post by arqa » January 13th, 2006, 10:55 pm

Hello MaKaVeLi,
I deleted the folder and the file.
The version is Windows Media Player Series 9, but it reinstalled
itself today (I clicked on wmplayer.exe and it didn't open, so I
clicked on setup)

I ran a new HJT just in case.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:52 PM, on 1/13/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab

.........This line didn't get deleted by fix check
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [LoadQM] loadqm.exe.......what's this?

Please advise. Thanks:)
arqa

Post by MaKaVeLi » January 13th, 2006, 11:49 pm

Download the following to your desktop and unzip it:

http://www.spywareinfo.com/~merijn/file ... ayer_9.zip

Go to the following folder and rename wmplayer.exe to wmplayer.exe.bak:

C:\Program Files\Windows Media Player

Now open the file that you just downloaded and take wmplayer.exe and put it into this folder:

C:\Program Files\Windows Media Player

Now please go to the following site and upload the following file:

Site: http://virusscan.jotti.org/

File: C:\Program Files\Windows Media Player\wmplayer.exe

Put that into the top box and hit Submit. Wait for it to scan, then copy the results and paste them into your next reply.

loadqm - loadqm.exe - Process Information

Process File: loadqm or loadqm.exe
Process Name: MSN Queue Manager Loader

Description:
loadqm.exe is a part of the MSN entertainment suite. It is the MSN Queue Manager Loader, a service that is installed with either MSN explorer or messenger.
MaKaVeLi

Post by arqa » January 15th, 2006, 12:39 pm

Hello MaKaVeLi,
Here are the results:

File: wmplayer.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 c8487968225ee4b26ef41c64111095cf
Packers detected: -

Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

My question regarding Loadqm was because when I start
Windows I get a message that reads more or less like this
"Loadqm has caused an error in QMGR.dll
Loadqm will now close"

Please tell me what to do next. Thanks:)
arqa

Post by MaKaVeLi » January 17th, 2006, 4:24 pm

Sorry for the late reply. Somehow I missed your response. You can delete the wmplayer.exe.bak file now, but not wmplayer.exe. Can you run another full scan from the Kaspersky website, please? If you get that error message about Loadqm, you can fix this line with HijackThis:

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
MaKaVeLi

Post by arqa » January 18th, 2006, 1:16 am

Hello MaKaVeLi,

Here's the Kaspersky report
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 18, 2006 00:15:17
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/01/2006
Kaspersky Anti-Virus database records: 161213
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\

Scan Statistics:
Total number of scanned objects: 52779
Number of viruses found: 107
Number of infected objects: 518
Number of suspicious objects: 14
Duration of the scan process: 7994 sec

Infected Object Name - Virus Name
c:\Recycled\Dc3\btws.exe Infected: Trojan-Downloader.Win32.PurityScan.be
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698918.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698919.CPY Infected: Trojan-Downloader.Win32.Apropo.ag
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698920.CPY Infected: Trojan-Downloader.Win32.Apropo.ag
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698921.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698922.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698923.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698926.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698927.CPY Infected: Trojan-Downloader.Win32.Apropo.ag
c:\_RESTORE\ARCHIVE\FS5.CAB/A1698928.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS5.CAB Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS6.CAB/A1698991.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS6.CAB Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700763.CPY Infected: Trojan-Downloader.Win32.Dyfuca.dp
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700766.CPY Infected: Trojan-Downloader.Win32.Dyfuca.dp
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700779.CPY Infected: Trojan-Downloader.Win32.Dyfuca.de
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700781.CPY Infected: Trojan-Downloader.Win32.Dyfuca.de
c:\_RESTORE\ARCHIVE\FS16.CAB/A1700782.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS16.CAB Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790071.CPY Infected: Trojan-Downloader.Win32.Agent.vp
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790072.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790073.CPY/data0002 Infected: Trojan.Win32.Registrator.b
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790073.CPY/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790073.CPY Infected: Trojan-Downloader.Win32.Small.ayh
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790074.CPY Infected: Trojan-Downloader.Win32.Small.aal
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790075.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790076.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790077.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790078.CPY Infected: Trojan-Downloader.Win32.Qoologic.ad
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790079.CPY/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790079.CPY Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790080.CPY Infected: Trojan-Downloader.Win32.VB.jl
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790081.CPY Infected: Trojan-Dropper.Win32.Agent.abb
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790082.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790083.CPY Infected: Packed.Win32.Klone.b
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790084.CPY Infected: Trojan-Downloader.Win32.Hanlo.e
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790085.CPY Infected: Packed.Win32.Klone.b
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790086.CPY Infected: Backdoor.Win32.Agent.ov
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790087.CPY Infected: Backdoor.Win32.Agent.rw
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790088.CPY Infected: Trojan-Proxy.Win32.Wopla.n
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790090.CPY/data0001 Infected: Trojan-Downloader.NSIS.Agent.g
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790090.CPY Infected: Trojan-Downloader.NSIS.Agent.g
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790091.CPY Infected: Trojan.Win32.Pakes
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790092.CPY Infected: Trojan.Win32.Pakes
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790093.CPY Infected: Trojan-Downloader.Win32.Qoologic.af
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790094.CPY Infected: Trojan-Downloader.Win32.Qoologic.ak
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790095.CPY Infected: Trojan-Downloader.Win32.Small.afq
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790096.CPY Infected: Trojan-Downloader.Win32.VB.ov
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790097.CPY/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790097.CPY/data.rar Infected: Trojan.Win32.LowZones.am
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790097.CPY Infected: Trojan.Win32.LowZones.am
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790098.CPY Infected: Trojan.Win32.LowZones.am
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790099.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790100.CPY Infected: Backdoor.Win32.Dumador.eo
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY/data0004 Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY/data0005 Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790101.CPY Infected: Trojan-Downloader.Win32.Keenval
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790102.CPY/data0010 Infected: Trojan.Win32.KillApp.f
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790102.CPY/data0012 Infected: Trojan.Win32.VB.od
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790102.CPY Infected: Trojan.Win32.VB.od
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790103.CPY Infected: Trojan-Dropper.Win32.Small.ht
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0002/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0002/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0004/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0004/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY/data0004 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790105.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790106.CPY Infected: Trojan.Win32.SecondThought.an
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790107.CPY Infected: not-virus:Hoax.Win32.Renos.ac
c:\_RESTORE\ARCHIVE\FS14.CAB/W2790108.CPY Infected: Trojan-Downloader.Win32.Tibs.ai
c:\_RESTORE\ARCHIVE\FS14.CAB Infected: Trojan-Downloader.Win32.Tibs.ai
c:\_RESTORE\ARCHIVE\FS18.CAB/A1700838.CPY Infected: Trojan-Spy.Win32.VB.eh
c:\_RESTORE\ARCHIVE\FS18.CAB/A1700839.CPY Infected: Trojan-Downloader.Win32.Tibs.s
c:\_RESTORE\ARCHIVE\FS18.CAB Infected: Trojan-Downloader.Win32.Tibs.s
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700842.CPY Infected: Trojan-Downloader.Win32.Small.bxc
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700843.CPY Infected: Trojan-Downloader.Win32.Tibs.p
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700844.CPY Infected: not-virus:Hoax.Win32.Renos.ac
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700846.CPY Infected: Trojan-Downloader.Win32.Small.bwm
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700856.CPY Infected: Trojan.Win32.Favadd.an
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700859.CPY Infected: Trojan.Win32.Small.gq
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700860.CPY Infected: Trojan-Downloader.Win32.Agent.uj
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700861.CPY Infected: Trojan-Downloader.Win32.Agent.uj
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700872.CPY Infected: Trojan-Downloader.Win32.Pacer.j
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700875.CPY Infected: Trojan.Win32.Pakes
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700879.CPY Infected: Trojan.Win32.Dialer.ay
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700881.CPY Infected: Trojan-Downloader.Win32.Agent.aaf
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700882.CPY/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700882.CPY/data0002 Infected: Trojan-Dropper.Win32.VB.kk
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700882.CPY Infected: Trojan-Dropper.Win32.VB.kk
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700883.CPY Infected: Trojan-Downloader.Win32.Dyfuca.dt
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700884.CPY Infected: Trojan-Downloader.Win32.VB.hw
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700885.CPY Infected: Trojan-Downloader.Win32.Dyfuca.gen
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700887.CPY Infected: Trojan-Dropper.Win32.Agent.aac
c:\_RESTORE\ARCHIVE\FS19.CAB/A1700890.CPY Infected: Trojan-Dropper.Win32.Agent.aac
c:\_RESTORE\ARCHIVE\FS19.CAB Infected: Trojan-Dropper.Win32.Agent.aac
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700892.CPY Infected: Trojan-Dropper.Win32.VB.kk
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700894.CPY/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700894.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700894.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700895.CPY/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700895.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700895.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700896.CPY/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700896.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700897.CPY/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700897.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700901.CPY Infected: Trojan-Proxy.Win32.Small.cf
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700902.CPY Infected: Trojan-Downloader.Win32.Delf.abu
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700907.CPY Infected: Trojan-Downloader.Win32.CWS.o
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700923.CPY Infected: Trojan-Dropper.Win32.SurfSide.a
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700930.CPY Infected: Trojan-Dropper.Win32.Delf.z
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700942.CPY Infected: Trojan.Win32.Crypt.t
c:\_RESTORE\ARCHIVE\FS20.CAB/A1700974.CPY Infected: Trojan.Win32.Small.cy
c:\_RESTORE\ARCHIVE\FS20.CAB Infected: Trojan.Win32.Small.cy
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699611.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699613.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699615.CPY Infected: Trojan-Dropper.Win32.Small.nj
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699617.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699619.CPY Infected: Trojan-Dropper.Win32.Small.abe
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699621.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699623.CPY Infected: Trojan-Downloader.Win32.Agent.dr
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699625.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699627.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699629.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699631.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699633.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699635.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699637.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699639.CPY Infected: Trojan-Downloader.Win32.VB.em
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699641.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\_RESTORE\ARCHIVE\FS13.CAB/A1699643.CPY Infected: Trojan-Downloader.Win32.Qoologic.ae
c:\_RESTORE\ARCHIVE\FS13.CAB Infected: Trojan-Downloader.Win32.Qoologic.ae
c:\_RESTORE\ARCHIVE\FS53.CAB/A1705402.CPY Infected: Trojan-Downloader.Win32.Pacer.e
c:\_RESTORE\ARCHIVE\FS53.CAB/A1705403.CPY Infected: Trojan-Downloader.Win32.Pacer.e
c:\_RESTORE\ARCHIVE\FS53.CAB Infected: Trojan-Downloader.Win32.Pacer.e
c:\_RESTORE\ARCHIVE\FS62.CAB/A1705793.CPY Infected: Trojan-Downloader.Win32.PurityScan.be
c:\_RESTORE\ARCHIVE\FS62.CAB Infected: Trojan-Downloader.Win32.PurityScan.be
c:\_RESTORE\ARCHIVE\FS63.CAB/A1705808.CPY Infected: Trojan-Downloader.Win32.Pacer.e
c:\_RESTORE\ARCHIVE\FS63.CAB Infected: Trojan-Downloader.Win32.Pacer.e
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D1BB0000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E4C90000.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C4AB0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50001.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D55F0000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50003.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0450000.VBN Infected: Trojan-Dropper.Win32.Agent.tb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50005.VBN Infected: Trojan-Downloader.Win32.Small.wj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E78B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\29C50007.VBN Infected: Trojan-Dropper.Win32.Small.mr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0CC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B2A90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DF1D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2750000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\62CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\72050000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77890000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D7370000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51490000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5FA10001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\592D0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\64B90000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61910000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A84F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\15530001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E7B0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B3F0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AB90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97910000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\94250000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1E5F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\670B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\61FF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\194B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\54430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A67F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\70210000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6FC90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF10000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\67650000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5F950001.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ABD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAED0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\53E50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4E790000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48CD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\45D50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7FA10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\792D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\77C50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\71710000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E690000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\361B0000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\34AF0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6AF70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3D4D0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24710000.VBN Infected: Trojan-Downloader.Win32.IstBar.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\58DD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\57F50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\44570000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\40EF0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\60B50000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0BE10000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7F950000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BEEB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8770000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6E990000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6E70000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B47B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9CF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\AF430000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5D550000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5ED90000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\586D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4CE30000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4F6F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43AB0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BE370000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B8830001.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51970001.VBN Infected: Trojan.Win32.ExitWin.z
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5330000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D4870000.VBN Infected: Trojan-Downloader.Win32.Small.agq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F9110000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\86AD0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\56A50000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\51590000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C490000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9BB0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EC530000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\288D0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DDDD0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\18870000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\12450000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\4EEF0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\48BB0000.VBN Infected: Trojan-Downloader.Win32.VB.hj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EFA50000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\5A5D0000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2930000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD1F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9010000.VBN Infected: Trojan-Downloader.Win32.Agent.tq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\940D0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99F10000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A9350000.VBN Infected: Trojan-Downloader.Win32.Agent.tv
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B3650000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\829F0000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B68B0000.VBN Infected: Trojan-Downloader.JS.IstBar.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B51F0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\0AFF0000.VBN Infected: Trojan-Proxy.Win32.Agent.df
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E75B0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C9830000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\BDBF0000.VBN Infected: Trojan-Downloader.VBS.Psyme.v
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A7E10000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\EAFD0000.VBN Infected: Trojan-Downloader.VBS.Psyme.x
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B04F0000.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DED50000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9CCD0000.VBN Infected: Trojan.Win32.EliteBar.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\01010000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\39070000.VBN Infected: Trojan-Dropper.Win32.Agent.xw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B2D0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\17D50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9AE90000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6970000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\ADB70000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2FEF0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\04470000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\740B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\36E10001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1C50000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F3490000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\75A50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\07B90000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\05350000.VBN Infected: Trojan-Downloader.Win32.Small.bho
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\13190000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10950000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\02410000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDD0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\158D0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E2F90001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF4D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\55CB0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\97250000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9A8D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9C590001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\98F10001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0010002.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9E750003.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\91C10002.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FB4B0000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2CC50000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2EE90001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2B110000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\92830000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\419F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A62F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\314F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B6D10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6CAB0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6B270000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\644F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7BEF0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7D530001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\767B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\FF330000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8B2F0000.VBN Infected: Trojan-Downloader.Win32.Small.bkr
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\87D70000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A54F0001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90EF0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D20D0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\25C30000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1EEB0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\27570000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\207F0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\320B0001.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\30870000.VBN Infected: Trojan-Dropper.Win32.Agent.mu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\90C10000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\8E2D0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F4E50000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E9090000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E38D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DD750000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E7E50000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E5B10000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\9BAD0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\C96B0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\460B0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\16A30000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\99D70001.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\927F0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70001.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74530000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\A0130002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\76070000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\F1DB0001.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73AF0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BE70002.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\841F0000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\836B0000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\D2430000.VBN Infected: Trojan-Downloader.Win32.Delf.zu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CE8B0000.VBN Infected: Trojan-Proxy.Win32.Wopla.n
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\CB930000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3CFB0000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3AD70000.VBN Infected: Trojan-Downloader.Win32.CWS.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\38830000.VBN Infected: Email-Worm.Win32.Delf.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\072F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\74F70001.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\7C8B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\791F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\6C530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\717B0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\43DD0000.VBN Infected: Trojan.Win32.Dialer.iz
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DC4D0000.VBN Infected: Trojan-Dropper.Win32.Small.wp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1BF10000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430000.VBN Infected: Trojan-Dropper.Win32.Agent.abu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0000.VBN Infected: Trojan-Dropper.Win32.Small.aih
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\21EF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\23130000.VBN Infected: Trojan-Dropper.Win32.Agent.ri
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E870000.VBN Infected: Trojan-Downloader.Win32.Small.asa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\280B0000.VBN Infected: Trojan.Win32.Inject.i
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2BBF0000.VBN Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1CAB0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\1FDF0001.VBN Infected: Trojan-Downloader.Win32.Small.byj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\19430001.VBN Infected: Trojan.Win32.Spabot.t
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\24F70001.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\73690000.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\06FB0000.VBN Infected: Trojan-Spy.Win32.Goldun.ey
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\10530000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\E0AF0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\267B0001.VBN Infected: Trojan.Win32.Delf.pu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\3F6F0000.VBN Infected: Trojan-Proxy.Win32.Delf.aa
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\37B30000.VBN Infected: Trojan-Downloader.Win32.Small.ajp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E170000.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2E170001.VBN Infected: Trojan-Proxy.Win32.Small.ct
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\2CAB0001.VBN Infected: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\313F0000.VBN Suspicious: Exploit.HTML.Mht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\DB8F0000.VBN Infected: Trojan.Win32.Delf.pu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790071.CPY Infected: Trojan-Downloader.Win32.Agent.vp
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790072.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790073.CPY/data0002 Infected: Trojan.Win32.Registrator.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790073.CPY/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790073.CPY Infected: Trojan-Downloader.Win32.Small.ayh
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790074.CPY Infected: Trojan-Downloader.Win32.Small.aal
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790075.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790076.CPY Infected: Trojan-Downloader.Win32.Small.abd
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790077.CPY Infected: Trojan-Dropper.Win32.Agent.hl
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790078.CPY Infected: Trojan-Downloader.Win32.Qoologic.ad
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790079.CPY/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790079.CPY Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790080.CPY Infected: Trojan-Downloader.Win32.VB.jl
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790081.CPY Infected: Trojan-Dropper.Win32.Agent.abb
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790082.CPY Infected: Trojan-Dropper.Win32.Small.qn
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790083.CPY Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790084.CPY Infected: Trojan-Downloader.Win32.Hanlo.e
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790085.CPY Infected: Packed.Win32.Klone.b
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790086.CPY Infected: Backdoor.Win32.Agent.ov
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790087.CPY Infected: Backdoor.Win32.Agent.rw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790088.CPY Infected: Trojan-Proxy.Win32.Wopla.n
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790090.CPY/data0001 Infected: Trojan-Downloader.NSIS.Agent.g
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790090.CPY Infected: Trojan-Downloader.NSIS.Agent.g
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790091.CPY Infected: Trojan.Win32.Pakes
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790092.CPY Infected: Trojan.Win32.Pakes
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790093.CPY Infected: Trojan-Downloader.Win32.Qoologic.af
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790094.CPY Infected: Trojan-Downloader.Win32.Qoologic.ak
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790095.CPY Infected: Trojan-Downloader.Win32.Small.afq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790096.CPY Infected: Trojan-Downloader.Win32.VB.ov
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790097.CPY/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790097.CPY/data.rar Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790097.CPY Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790098.CPY Infected: Trojan.Win32.LowZones.am
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790099.CPY Infected: Trojan-Downloader.Win32.Dyfuca.ei
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790100.CPY Infected: Backdoor.Win32.Dumador.eo
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY/data0004 Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY/data0005 Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790101.CPY Infected: Trojan-Downloader.Win32.Keenval
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790102.CPY/data0010 Infected: Trojan.Win32.KillApp.f
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790102.CPY/data0012 Infected: Trojan.Win32.VB.od
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790102.CPY Infected: Trojan.Win32.VB.od
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790103.CPY Infected: Trojan-Dropper.Win32.Small.ht
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0002/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0002/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0004/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0004/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY/data0004 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790105.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790106.CPY Infected: Trojan.Win32.SecondThought.an
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790107.CPY Infected: not-virus:Hoax.Win32.Renos.ac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN/W2790108.CPY Infected: Trojan-Downloader.Win32.Tibs.ai
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710000.VBN Infected: Trojan-Downloader.Win32.Tibs.ai
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710001.VBN/A1700838.CPY Infected: Trojan-Spy.Win32.VB.eh
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710001.VBN/A1700839.CPY Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710001.VBN Infected: Trojan-Downloader.Win32.Tibs.s
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700842.CPY Infected: Trojan-Downloader.Win32.Small.bxc
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700843.CPY Infected: Trojan-Downloader.Win32.Tibs.p
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700844.CPY Infected: not-virus:Hoax.Win32.Renos.ac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700846.CPY Infected: Trojan-Downloader.Win32.Small.bwm
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700856.CPY Infected: Trojan.Win32.Favadd.an
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700859.CPY Infected: Trojan.Win32.Small.gq
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700860.CPY Infected: Trojan-Downloader.Win32.Agent.uj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700861.CPY Infected: Trojan-Downloader.Win32.Agent.uj
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700872.CPY Infected: Trojan-Downloader.Win32.Pacer.j
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700875.CPY Infected: Trojan.Win32.Pakes
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700879.CPY Infected: Trojan.Win32.Dialer.ay
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700881.CPY Infected: Trojan-Downloader.Win32.Agent.aaf
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700882.CPY/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700882.CPY/data0002 Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700882.CPY Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700883.CPY Infected: Trojan-Downloader.Win32.Dyfuca.dt
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700884.CPY Infected: Trojan-Downloader.Win32.VB.hw
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700885.CPY Infected: Trojan-Downloader.Win32.Dyfuca.gen
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700887.CPY Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN/A1700890.CPY Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710002.VBN Infected: Trojan-Dropper.Win32.Agent.aac
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700892.CPY Infected: Trojan-Dropper.Win32.VB.kk
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700894.CPY/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700894.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700894.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700895.CPY/data0002/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700895.CPY/data0002 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700895.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700896.CPY/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700896.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700897.CPY/data0001 Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700897.CPY Infected: Trojan-Clicker.Win32.Instas.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700901.CPY Infected: Trojan-Proxy.Win32.Small.cf
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700902.CPY Infected: Trojan-Downloader.Win32.Delf.abu
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700907.CPY Infected: Trojan-Downloader.Win32.CWS.o
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700923.CPY Infected: Trojan-Dropper.Win32.SurfSide.a
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700930.CPY Infected: Trojan-Dropper.Win32.Delf.z
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700942.CPY Infected: Trojan.Win32.Crypt.t
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN/A1700974.CPY Infected: Trojan.Win32.Small.cy
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\B5710003.VBN Infected: Trojan.Win32.Small.cy
c:\Program Files\Symantec_Client_Security\Symantec AntiVirus\APTemp\AP0.dll Infected: Trojan-Spy.Win32.Idly.c
c:\HJT\backups\backup-20051208-002053-389.dll Infected: Trojan.Win32.Dialer.fu
c:\HJT\backups\backup-20051208-002053-384.dll Infected: Trojan-Downloader.Win32.IstBar.gen
c:\HJT\backups\backup-20051208-210323-298-nrna.exe Infected: Trojan.Win32.Pakes
c:\!KillBox\MSUPDATE32.DLL Infected: Trojan-Proxy.Win32.Delf.al
c:\!KillBox\wintask.exe Infected: Trojan-Downloader.Win32.Small.abd
c:\!KillBox\exp.exe Infected: Trojan-Downloader.Win32.Small.abd
c:\!KillBox\in10b6s.dll Infected: Trojan-Dropper.Win32.Small.nj
c:\!KillBox\AlwKR.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\thinInstOIT61MegaV2s.dll Infected: Trojan-Dropper.Win32.Small.abe
c:\!KillBox\Ahm9.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\SplWbr.dll Infected: Trojan-Downloader.Win32.Agent.dr
c:\!KillBox\SnuQDC65.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Sgr88m14.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Kwhu0Uz.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\DfsIq4.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\FigU2Q.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Mbj4Eyx.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\Phed4.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\ZawM8.exe Infected: Trojan-Downloader.Win32.VB.em
c:\!KillBox\e2give.exe Infected: Trojan-Dropper.Win32.Agent.hl
c:\!KillBox\wuauclt.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
c:\!KillBox\sav2.exe Infected: Trojan-Downloader.Win32.Agent.vp
c:\!KillBox\oins.exe Infected: Trojan-Downloader.Win32.PurityScan.be

Scan process completed.

Please advise. Thanks:)
arqa
Regular Member
 
Posts: 55
Joined: December 1st, 2005, 1:21 am

Post by MaKaVeLi » January 18th, 2006, 4:22 pm

1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, click to select the Disable System Restore check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.
5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

This will remove any malware hidden in System Restore.

You can delete everything in this folder.

C:\!KillBox\

Your system looks clean. Are you having any problems or troubles or any unknown folders in Program Files?
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Post by arqa » January 19th, 2006, 1:13 am

Hello MaKaVeLi,

I followed your directions and, in answer to your question,
I still can't overcome the problem related to the impossibility
to open certain links... For example the one included in
Panda scan: I can click on Scan your PC and get to the new
window, but then when I click on Check now nothing happens,
and this problem appears in many cases, as I mentioned before,
even when I try to open the link in a new window.
Any suggestions?
Please advise. Thanks:)

Post by MaKaVeLi » January 19th, 2006, 4:39 pm

Download WinPFind.zip
- Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Reboot your computer into Safe Mode.

Open the C:\WinPFind folder and double-click on WinPFind.exe.
- Click on the Start Scan button and wait for it to finish.

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt. Please copy that log to your next reply.

Post by arqa » January 20th, 2006, 10:52 pm

Hello MaKaVeLi,

Here's the scan report

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows Millennium Edition Version: 4.90.3000
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 7/23/2001 2:32:08 PM 69696 C:\Program Files\FixSirc.com

Checking %WinDir% folder...
buddy.exe 1/20/2006 9:34:58 PM RH 1503264 C:\WINDOWS\USER.DAT
SAHAgent 1/20/2006 9:25:56 PM RH 3821600 C:\WINDOWS\SYSTEM.DAT
winsync 1/20/2006 9:25:56 PM RH 3821600 C:\WINDOWS\SYSTEM.DAT

Items found in C:\WINDOWS\HOSTS

FSG! 4/2/2002 10:41:56 AM HS 66281472 C:\WINDOWS\VMMHIBER.W9X
UPX! 9/8/2005 3:33:48 PM 253952 C:\WINDOWS\CERES.DLL
buddy.exe 9/8/2005 3:33:48 PM 253952 C:\WINDOWS\CERES.DLL
UPX! 10/1/2002 9:32:46 PM 7168 C:\WINDOWS\sysres.exe
UPX! 11/25/2005 11:52:20 PM RHS 82432 C:\WINDOWS\ru.exe
UPX! 11/21/2004 9:30:48 PM 255700 C:\WINDOWS\del.tmp
UPX! 10/5/2005 1:53:14 PM 38912 C:\WINDOWS\mtuninst.exe
UPX! 11/27/2005 11:18:16 AM 226536 C:\WINDOWS\whCC-GIANT.exe
UPX! 11/27/2005 11:18:24 AM 311136 C:\WINDOWS\imgga.exe

Checking %System% folder...
PTech 8/10/2000 12:00:00 PM 88571 C:\WINDOWS\SYSTEM\MDACRDME.HTM
Umonitor 9/15/2005 8:29:00 AM 405504 C:\WINDOWS\SYSTEM\DKDRG56X.DLL
Umonitor 9/1/2005 8:11:04 AM 405504 C:\WINDOWS\SYSTEM\CTYPT32.DLL
Umonitor 9/8/2005 7:34:56 AM 405504 C:\WINDOWS\SYSTEM\MDDOCS.DLL
SAHAgent 10/17/2005 4:43:18 PM 3348 C:\WINDOWS\SYSTEM\gmv2k100.ini
aspack 12/4/2004 4:13:42 PM 7463652 C:\WINDOWS\SYSTEM\saie_kyf.dat
PTech 12/4/2004 4:13:42 PM 7463652 C:\WINDOWS\SYSTEM\saie_kyf.dat
Umonitor 8/31/2005 10:44:38 AM 405504 C:\WINDOWS\SYSTEM\QDOLE.DLL
SAHAgent 10/18/2005 9:32:56 PM 3420 C:\WINDOWS\SYSTEM\grkcff31.ini
SAHAgent 9/10/2005 12:23:02 AM 35 C:\WINDOWS\SYSTEM\3rt92a4i.ini
SAHAgent 9/10/2005 12:23:02 AM 35 C:\WINDOWS\SYSTEM\mh9lb9o1.ini
UPX! 9/18/2005 10:14:26 AM 18944 C:\WINDOWS\SYSTEM\msclock32.dll
UPX! 9/18/2005 10:13:12 AM 84132 C:\WINDOWS\SYSTEM\msplg.jpg
UPX! 9/22/2005 11:22:34 PM 374272 C:\WINDOWS\SYSTEM\ride5.0.exe
FSG! 12/13/2004 7:55:34 AM 398742 C:\WINDOWS\SYSTEM\VVXIXBk1.xml
SAHAgent 10/11/2005 7:36:30 PM 35 C:\WINDOWS\SYSTEM\9r6g27rd.ini
SAHAgent 10/11/2005 7:36:30 PM 35 C:\WINDOWS\SYSTEM\1gic91u5.ini
UPX! 11/25/2005 11:40:18 PM RHS 82432 C:\WINDOWS\SYSTEM\btws.exe

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/20/2006 9:36:58 PM RH 1503264 C:\WINDOWS\USER.DAT
1/20/2006 9:25:56 PM RH 3821600 C:\WINDOWS\SYSTEM.DAT
1/20/2006 9:33:42 PM RH 5132320 C:\WINDOWS\CLASSES.DAT
1/18/2006 11:50:54 PM H 40787 C:\WINDOWS\ttfCache
11/25/2005 11:52:20 PM RHS 82432 C:\WINDOWS\ru.exe
1/19/2006 11:46:14 PM H 642352 C:\WINDOWS\ShellIconCache
11/28/2005 9:27:00 AM RHS 401408 C:\WINDOWS\SYSTEM\eol.exe
12/6/2005 6:47:48 PM HS 846 C:\WINDOWS\SYSTEM\Oval73H.j9r
11/25/2005 11:40:18 PM RHS 82432 C:\WINDOWS\SYSTEM\btws.exe
1/18/2006 11:49:12 PM H 19872 C:\WINDOWS\PCHEALTH\HELPCTR\Database\HelpSessionHistory.stream
1/20/2006 11:12:54 AM H 6 C:\WINDOWS\TASKS\SA.DAT
1/20/2006 11:18:40 AM HS 2554 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
12/24/2005 1:28:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
12/24/2005 1:28:26 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
12/24/2005 2:03:04 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\09A10FOX\desktop.ini
12/24/2005 2:03:18 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4EEZFN52\desktop.ini
12/24/2005 2:03:20 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4ZOLEP6F\desktop.ini
12/24/2005 2:03:28 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KJFNU0L5\desktop.ini
12/24/2005 2:03:34 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\W149UV0L\desktop.ini
12/24/2005 2:03:46 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\6L8JQ1U5\desktop.ini
12/24/2005 2:04:06 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\YZD86WPN\desktop.ini
12/24/2005 2:04:06 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\Q3URYL6Z\desktop.ini
12/24/2005 2:04:10 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\ATO3UVMR\desktop.ini
12/24/2005 2:04:18 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\9XFZFLGI\desktop.ini
12/24/2005 2:05:16 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\RS141ZEL\desktop.ini
12/24/2005 1:28:24 PM HS 113 C:\WINDOWS\History\desktop.ini
12/24/2005 1:28:26 PM HS 113 C:\WINDOWS\History\History.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/29/2002 7:07:38 AM 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 62464 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 104368 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 61200 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Conexant Systems 7/11/2001 3:13:12 AM 316416 C:\WINDOWS\SYSTEM\CSACPL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 79872 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 111616 C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 408576 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 389872 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 15360 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 36864 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 9/16/2002 9:37:16 AM 28672 C:\WINDOWS\SYSTEM\WUAUCPL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 66560 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 15360 C:\WINDOWS\SYSTEM\THEMES.CPL
Microsoft Corporation 2/10/1999 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
RealNetworks, Inc. 2/14/2004 6:40:00 PM 24576 C:\WINDOWS\SYSTEM\prefscpl.cpl
Autodesk, Inc. 3/24/1999 5:28:00 PM 393216 C:\WINDOWS\SYSTEM\PLOTMAN.CPL
Autodesk, Inc. 3/24/1999 5:28:00 PM 393216 C:\WINDOWS\SYSTEM\STYLEMAN.CPL
Apple Computer, Inc. 3/26/1998 4:36:30 PM 202240 C:\WINDOWS\SYSTEM\QuickTime.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
10/30/2005 3:08:16 PM 534 C:\WINDOWS\Start Menu\Programs\StartUp\Camio Viewer 3.2.lnk
10/30/2005 3:08:20 PM 584 C:\WINDOWS\Start Menu\Programs\StartUp\MA111 Configuration Utility.lnk
10/30/2005 3:08:12 PM 560 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
10/30/2005 3:08:14 PM 585 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Works Calendar Reminders.lnk
10/30/2005 3:08:20 PM 431 C:\WINDOWS\Start Menu\Programs\StartUp\Office Startup.lnk

Checking files in %USERPROFILE%\Application Data folder...
3/12/2003 11:46:58 PM 0 C:\WINDOWS\Application Data\dm.ini
11/17/2004 8:03:58 PM 497 C:\WINDOWS\Application Data\dw.log
11/23/2005 10:36:40 PM 2232871 C:\WINDOWS\Application Data\Install.dat
UPX! 10/27/2004 5:33:02 PM RHS 81408 C:\WINDOWS\Application Data\psma.exe
5/29/2005 1:14:00 PM 12 C:\WINDOWS\Application Data\uns.tmp

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{FEF10FA2-355E-4e06-9381-9B24D7F7CC88} = C:\WINDOWS\SYSTEM\SHELL32.DLL
{53C74826-AB99-4d33-ACA4-3117F51D3788} = C:\WINDOWS\SYSTEM\SHELL32.DLL
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} = C:\WINDOWS\SYSTEM\ZIPFLDR.DLL
{BD472F60-27FA-11cf-B8B4-444553540000} = C:\WINDOWS\SYSTEM\ZIPFLDR.DLL
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} = C:\WINDOWS\SYSTEM\ZIPFLDR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\ZIP7\wzshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\ZIP7\wzshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\ZIP7\wzshlext.dll

<<< WARNING! - NOT A VALID WIN98 KEY! (ME is Ok) >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7ab770c7-0e23-4d7a-8aa2-19bfad479829}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\SYSTEM\DOCPROP2.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Comcast Toolbar = C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\SYSTEM\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2FDEF853-0759-11D4-A92E-006097DBED37}
ButtonText = Encarta Encyclopedia :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5DA9DE80-097A-11D4-A92E-006097DBED37}
ButtonText = Define :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRAM FILES\AIM\AIM.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}
ButtonText = Support : http://www.comcastsupport.com/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}
ButtonText = Help : http://online.comcast.net/help/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{4D5C8C2A-D075-11D0-B416-00C04FB90376} = Microsoft CommBand : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
WorksFUD C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
EnsoniqMixer starter.exe
POINTER point32.exe
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
msnappau "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
pccguide.exe "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
BrowserUpdateSched C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
SSDPSRV C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr C:\WINDOWS\System\Restore\StateMgr.exe
AolAcsDaemon1 "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
rtvscn95 C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
defwatch C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
TmPfw
PcCtlCom C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
NoActiveDesktop 0
ClassicShell 0
ForceActiveDesktopOn 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
CTYRIA C:\WINDOWS\SYSTEM\CTYRIA.exe
D3DDER C:\WINDOWS\SYSTEM\D3DDER.exe
MSRFOX C:\WINDOWS\SYSTEM\MSRFOX.exe
CLOUDSIM C:\WINDOWS\SYSTEM\CLOUDSIM.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook {BCBCD383-3E06-11D3-91A9-00C04F68105C} = C:\WINDOWS\SYSTEM\AUHOOK.DLL

<<< WARNING! - NOT A VALID WIN98/ME KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/20/2006 9:44:49 PM

Please advise. Thanks :)
arqa

Unread postby MaKaVeLi » January 21st, 2006, 10:27 pm

Download Killbox.

Open killbox.exe.

Click on Tools>Delete Temp Files

A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files
Temp Files
XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

Then,

Check on the Button titled "Delete Selected Temp Files"

Exit by clicking the Button titled "Exit (Save Settings)"

Once back into the main killbox program.

Check the following boxes:

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.

C:\WINDOWS\VMMHIBER.W9X
C:\WINDOWS\CERES.DLL
C:\WINDOWS\sysres.exe
C:\WINDOWS\ru.exe
C:\WINDOWS\del.tmp
C:\WINDOWS\mtuninst.exe
C:\WINDOWS\whCC-GIANT.exe
C:\WINDOWS\imgga.exe
C:\WINDOWS\SYSTEM\MDACRDME.HTM
C:\WINDOWS\SYSTEM\DKDRG56X.DLL
C:\WINDOWS\SYSTEM\CTYPT32.DLL
C:\WINDOWS\SYSTEM\MDDOCS.DLL
C:\WINDOWS\SYSTEM\gmv2k100.ini
C:\WINDOWS\SYSTEM\saie_kyf.dat
C:\WINDOWS\SYSTEM\QDOLE.DLL
C:\WINDOWS\SYSTEM\grkcff31.ini
C:\WINDOWS\SYSTEM\3rt92a4i.ini
C:\WINDOWS\SYSTEM\mh9lb9o1.ini
C:\WINDOWS\SYSTEM\msclock32.dll
C:\WINDOWS\SYSTEM\msplg.jpg
C:\WINDOWS\SYSTEM\ride5.0.exe
C:\WINDOWS\SYSTEM\VVXIXBk1.xml
C:\WINDOWS\SYSTEM\9r6g27rd.ini
C:\WINDOWS\SYSTEM\1gic91u5.ini
C:\WINDOWS\SYSTEM\btws.exe
C:\WINDOWS\SYSTEM\Oval73H.j9r
C:\WINDOWS\SYSTEM\eol.exe


Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.

Click the "All Files" button.

Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask "Reboot now?"; you will need to click Yes to allow the reboot.

If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Note: Killbox will let you know if a file does not exist. If that happens, just continue on.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask "Reboot now?"; you will need to click No until the last one, at which time you click Yes to allow the reboot.
MaKaVeLi

Unread postby arqa » January 22nd, 2006, 11:07 pm

Hello MaKaVeLi,

I ran Killbox.
Here's a new HJT log, just in case:

Logfile of HijackThis v1.99.1
Scan saved at 10:00:15 PM, on 1/22/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SIERRA IMAGING\IMAGE EXPERT 2000\IXAPPLET.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\SPDEVSAW.EXE DO0605
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab

Please let me know what to do next. Thanks!
arqa
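
When a fresh HijackThis log is posted after a cleanup step, as in the post above, the useful question is what changed since the previous scan. The following is an added example, not part of the original thread and not HijackThis's own code: it parses the log format shown above, diffs two scans, and lists entries HijackThis marked "(no file)" or "(file missing)". The sample logs are constructed, and EXAMPLE.EXE and its Run entry are made up.

```python
import re

# A HijackThis item line is "<code> - <detail>", for example
# "O4 - HKLM\..\Run: [SystemTray] SysTray.Exe". Codes are R0-R3, F0-F3,
# N1-N4 and O1-O23.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ORPHAN_MARKS = ("(no file)", "(file missing)")

def parse_hjt(text):
    """Return (running_processes, items) parsed from HijackThis log text."""
    procs, items, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False          # the item list follows the process list
            items.append((m.group(1), m.group(2)))
        elif in_procs and line:
            procs.add(line.upper())   # Windows paths compare case-insensitively
    return procs, items

def diff_logs(before, after):
    """Summarise what changed between two scans of the same machine."""
    p0, i0 = parse_hjt(before)
    p1, i1 = parse_hjt(after)
    key = lambda item: (item[0], item[1].upper())
    k0, k1 = {key(i) for i in i0}, {key(i) for i in i1}
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "items_gone": [i for i in i0 if key(i) not in k1],
        "items_new": [i for i in i1 if key(i) not in k0],
        # Entries whose target file HijackThis could not find on disk.
        "orphans": [i for i in i1 if i[1].lower().endswith(ORPHAN_MARKS)],
    }

# Constructed sample: abridged lines in the format of this thread's logs.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\EXAMPLE.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Example] C:\WINDOWS\SYSTEM\EXAMPLE.EXE
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\HJT\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
"""

if __name__ == "__main__":
    for name, values in diff_logs(BEFORE, AFTER).items():
        print(name, values)
```

An entry that disappears from the item list while its file is still on disk, or a process that is running without a matching autostart item, is the kind of mismatch worth raising in the next reply.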

Unread postby MaKaVeLi » January 23rd, 2006, 4:26 pm

Now please go to the following site and upload the following files:

Site: http://virusscan.jotti.org/

File: C:\WINDOWS\SYSTEM\WMIEXE.EXE

File: C:\WINDOWS\SYSTEM\DDHELP.EXE

Put that into the top box and hit Submit. Wait for it to scan, then copy the results and paste them into your next reply.
MaKaVeLi

Unread postby arqa » January 23rd, 2006, 7:48 pm

Hello MaKaVeLi,

Here are the results:

Service load: 0% 100%

File: WMIEXE.EXE
Status: OK
MD5 ea853f9a2653506a4653bd0c056d21a8
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
----------------------------------------------
Service load: 0% 100%

File: DDHELP.EXE
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 f62f3495c1e013a63698d556c80e1b62
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing


Also, browsing thru C:\WINDOWS\SYSTEM
I found the following files... Are they malware?

drsmartload183a.exe
creditcard21.ico
ASYCFILT.exe
idesk.conf
ihoodf.exe
installer216.exe
kevid1.ico
Mjuegn.exe
Ip4cdeds.dat
mmxruss.exe
mp3red5.ico
opr.exe
russandmmx.exe
setup1052.exe
setup179.exe
setup2021.exe
setup2-71.exe
VB2.exe
vip-card21.ico
virushunter21.ico
WinDy.exe
ysbinstall_1
ysysyv6d.exe
ysysyv2d.exe
zxdnt3d.cfg

Please advise. Thanks :)
winsub.xml
arqa

Unread postby MaKaVeLi » January 25th, 2006, 4:52 pm

Yeah you can delete those and the following:

C:\WINDOWS\Application Data\psma.exe

Download the following and run it and post the log.

http://www.sysinternals.com/Files/RootkitRevealer.zip
MaKaVeLi

Unread postby Kimberly » January 28th, 2006, 1:16 pm

Hello arqa,

Due to some real life issues, MaKaVeLi can't assist you anymore for the moment. If you agree we will continue to work on your issues. I need some time to go over your previous posts and see what needs to be fixed. I was told that you had a PSAPI.dll issue, this is normal because that library is reserved for Windows NT4 and higher. Rootkit Revealer will not run on your system either. We still need to find out if the Apropos rootkit is active and installed, thus we need to hunt it down manually. Once all the malware is removed from your PC (if possible) we'll see the links problems.

For now I would like you to do the following:

Download Bobbi Flekman's RegSearch from
http://www.bleepingcomputer.com/files/regsearch.php

Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
Copy / Paste the following line into the Search Box:

contextplus

then hit Ok

After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe.

If you have trouble with the above program, download this alternative tool:

Please download the Registry Search Tool from here:
http://www.billsway.com/vbspage/

Unzip it to a convenient location such as your Desktop. Make sure that your Antivirus / OS allows the use of the .vbs scripts. If prompted, make sure to allow the script.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

contextplus

then hit Ok

It may take a while to run. It will tell you when it's done and offer you to look at the file.
Say Yes and when it opens copy/paste the content in your reply.
______________________________

Run HijackThis, click on Open the Misc Tools Section, put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, answer Yes and copy/paste the content in your reply.
Click Back and Click on Scan. When the scan is finished, click Save Log and paste the content in your reply.
______________________________

Post the content of 2 system files please.
  1. Click on the Start button then click on Run.
    Type in SYSEDIT then click OK. The System Configuration Editor will then appear with several windows opening on your screen.
  2. Locate the C:\WINDOWS\WIN.INI window. Copy and paste the content in your reply.
  3. Locate the C:\WINDOWS\SYSTEM.INI window. Copy and paste the content in your reply.
  4. Close sysedit.
______________________________

Please post:

1. Results of the registry search
2. Startup list
3. A new HijackThis log.
4. Content of Win.ini and System.ini

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
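
On Windows 9x/ME, WIN.INI and SYSTEM.INI are worth reading during a cleanup because the `load=` and `run=` values under `[windows]` in WIN.INI and the `shell=` value under `[boot]` in SYSTEM.INI start programs at boot. The following is an added example, not part of the original post: it extracts those autostart values from the two files' text. The sample file contents are constructed, and EXAMPLE1.EXE and EXAMPLE2.EXE are placeholders.

```python
import re

def parse_ini(text):
    """Parse Win9x-style INI text into [(section, key, value)], keeping duplicates.

    configparser is avoided on purpose: SYSTEM.INI legitimately repeats keys
    (several device= lines under [386Enh]), which its strict mode rejects.
    """
    section, out = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            out.append((section, key.strip().lower(), value.strip()))
    return out

def autostarts(win_ini, system_ini):
    """List the programs these two files launch at startup."""
    found = []
    for section, key, value in parse_ini(win_ini):
        if section == "windows" and key in ("load", "run"):
            # Several programs may be listed, separated by spaces or commas.
            # A long path containing spaces is split as well; read such
            # pieces together when reviewing the output.
            for prog in re.split(r"[,\s]+", value):
                if prog:
                    found.append(("WIN.INI", key, prog))
    for section, key, value in parse_ini(system_ini):
        if section == "boot" and key == "shell":
            # Anything other than a bare Explorer.exe deserves a look,
            # including extra programs appended after it.
            for prog in value.split():
                if prog.lower() != "explorer.exe":
                    found.append(("SYSTEM.INI", "shell", prog))
    return found

# Constructed sample contents; both EXAMPLE files are placeholders.
WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\EXAMPLE1.EXE
NullPort=None

[Desktop]
Wallpaper=(None)
"""
SYSTEM_INI = r"""[boot]
shell=Explorer.exe C:\WINDOWS\EXAMPLE2.EXE
system.drv=system.drv

[386Enh]
device=*vshare
device=*dynapage
"""

if __name__ == "__main__":
    for source, key, prog in autostarts(WIN_INI, SYSTEM_INI):
        print(f"{source} {key}= {prog}")
```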