JASON CHON

in suspicion of a virus and occasional pop-ups

20 posts in this topic

Not sure if I really do have a virus, but my AntiVir program keeps popping up with messages saying there is an unwanted program. Plus, there are occasional pop-ups, which makes it even more suspicious.

 

Here's my log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:50, on 07-06-09

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

D:\WINDOWS\System32\conime.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\DAEMON Tools SearchBar\Search.exe

D:\Program Files\DAEMON Tools SearchBar\whse.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\Common Files\WhenU\DTAdapter.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\WINDOWS\system32\NOTEPAD.EXE

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\taskmgr.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\VirtuallTek\Fighter Factory\ff32.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\WINDOWS\avp.exe

D:\WINDOWS\System32\rundll32.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program Files\HJT\Analyse.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9142C78F-3321-4F68-BA06-DAC6C8DB37FF} - D:\WINDOWS\System32\awtss.dll

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - D:\Program Files\DAEMON Tools SearchBar\search.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WhenUSearch] "D:\Program Files\DAEMON Tools SearchBar\Search.exe"

O4 - HKLM\..\Run: [WhenUSearchWHSE] "D:\Program Files\DAEMON Tools SearchBar\whse.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EF323A15806F97BDE4417E70CE7C0726B954E1C2832211379926033AAC

O4 - HKLM\..\Run: [sManager] smanager.7.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\System32\drvtaf.dll,startup

O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe

O4 - HKLM\..\Run: [ipmon] ipmon.exe

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "D:\WINDOWS\System32\ksjyfgkf.dll",realset

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx

O20 - Winlogon Notify: awtss - D:\WINDOWS\System32\awtss.dll

O20 - Winlogon Notify: ssqqolj - D:\WINDOWS\SYSTEM32\ssqqolj.dll

O20 - Winlogon Notify: winbjt32 - D:\WINDOWS\SYSTEM32\winbjt32.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi Jason Chon

 

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

 

Please post the contents of C:\vundofix.txt and a new HijackThis log in your next post.


I am terribly sorry for the late reply. My internet was down for a while now.

Anyways, here are the logs.

 

VundoFix V6.5.0

 

Checking Java version...

 

Java version is 1.5.0.7

Old versions of java are exploitable and should be removed.

 

Scan started at 09:40:37 07-06-17

 

Listing files found while scanning....

 

D:\windows\system32\awtss.dll

D:\WINDOWS\System32\awvtq.dll

D:\windows\system32\fkgfyjsk.ini

D:\windows\system32\ggmatuyn.exe

D:\windows\system32\ksjyfgkf.dll

D:\windows\system32\mmoahgew.dll

D:\windows\system32\pmnmmli.dll

D:\WINDOWS\System32\qtvwa.bak1

D:\WINDOWS\System32\qtvwa.ini

D:\windows\system32\ssqqolj.dll

D:\WINDOWS\System32\sstwa.ini

D:\windows\system32\xrhbcftw.dll

 

Beginning removal...

 

Attempting to delete D:\windows\system32\awtss.dll

D:\windows\system32\awtss.dll Could not be deleted.

 

Attempting to delete D:\windows\system32\fkgfyjsk.ini

D:\windows\system32\fkgfyjsk.ini Has been deleted!

 

Attempting to delete D:\windows\system32\ggmatuyn.exe

D:\windows\system32\ggmatuyn.exe Has been deleted!

 

Attempting to delete D:\windows\system32\ksjyfgkf.dll

D:\windows\system32\ksjyfgkf.dll Has been deleted!

 

Attempting to delete D:\windows\system32\mmoahgew.dll

D:\windows\system32\mmoahgew.dll Has been deleted!

 

Attempting to delete D:\windows\system32\pmnmmli.dll

D:\windows\system32\pmnmmli.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\System32\qtvwa.bak1

D:\WINDOWS\System32\qtvwa.bak1 Has been deleted!

 

Attempting to delete D:\WINDOWS\System32\qtvwa.ini

D:\WINDOWS\System32\qtvwa.ini Has been deleted!

 

Attempting to delete D:\windows\system32\ssqqolj.dll

D:\windows\system32\ssqqolj.dll Could not be deleted.

 

Attempting to delete D:\WINDOWS\System32\sstwa.ini

D:\WINDOWS\System32\sstwa.ini Has been deleted!

 

Attempting to delete D:\windows\system32\xrhbcftw.dll

D:\windows\system32\xrhbcftw.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete D:\windows\system32\awtss.dll

D:\windows\system32\awtss.dll Has been deleted!

 

Attempting to delete D:\windows\system32\ssqqolj.dll

D:\windows\system32\ssqqolj.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Logfile of HijackThis v1.99.1

Scan saved at 09:56, on 07-06-17

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

D:\WINDOWS\System32\yumngbsa.exe

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\WINDOWS\csrss.exe

D:\Program Files\Ipwindows\ipwins.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\Real\RealPlayer\RealPlay.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\WINDOWS\System32\taskmgr.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program Files\HJT\Analyse.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)

O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - D:\WINDOWS\System32\co.dll (file missing)

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - D:\WINDOWS\System32\pgnxcslp.dll (file missing)

O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - D:\WINDOWS\System32\ssqqolj.dll

O2 - BHO: (no name) - {9A06836A-0E41-429F-BC31-33C4348253Db} - D:\WINDOWS\System32\udccbhgk.dll (file missing)

O2 - BHO: (no name) - {E50F832B-C808-4750-96D6-5B1B0F4A6B00} - D:\WINDOWS\System32\awtss.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EF323A15806F97BDE4417E70CE7C0726B954E1C2832211379926033AAC

O4 - HKLM\..\Run: [sManager] smanager.7.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\System32\drvtaf.dll,startup

O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe

O4 - HKLM\..\Run: [ipmon] ipmon.exe

O4 - HKLM\..\Run: [smgr] smgr.exe

O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "D:\WINDOWS\System32\pogfldqt.dll",realset

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [csrss] D:\WINDOWS\csrss.exe

O4 - HKCU\..\Run: [ipWins] D:\Program Files\Ipwindows\ipwins.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx

O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)

O20 - Winlogon Notify: winbjt32 - D:\WINDOWS\SYSTEM32\winbjt32.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: DomainService - - D:\WINDOWS\System32\yumngbsa.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)


Hi JASON CHON..

"i am terribly sorry for the late reply. my internet was down for a while now"

No problem, the thread would remain open for at least 10 days from your last post before I would get it closed / moved etc..

======================================================================

 

 

1. Download this file - ComboFix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

 

 

Also..

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Please post back with the ComboFix log, the Contents of Report.txt and a fresh HJT log..


the combo fix log

 

ComboFix 07-06-13.7 - D:\Documents and Settings\Jason\Desktop\ComboFix.exe

"Jason" - 2007-06-17 12:13:44 - Service Pack 1 NTFS

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

D:\WINDOWS\system32\awvvs.dll

D:\WINDOWS\system32\comi.dll

D:\WINDOWS\system32\gqbhtxal.dll

D:\WINDOWS\system32\injjrljo.dll

D:\WINDOWS\system32\iwbndgla.dll

D:\WINDOWS\system32\pogfldqt.dll

D:\WINDOWS\system32\winbjt32.dll

D:\WINDOWS\system32\svvwa.bak1

D:\WINDOWS\system32\svvwa.ini

D:\WINDOWS\system32\ojlrjjni.ini

D:\WINDOWS\system32\ojlrjjni.ini2

D:\WINDOWS\system32\ojlrjjni.tmp

D:\WINDOWS\system32\algdnbwi.ini

D:\WINDOWS\system32\algdnbwi.ini2

D:\WINDOWS\system32\algdnbwi.tmp

D:\WINDOWS\system32\tqdlfgop.ini

D:\WINDOWS\system32\svvwa.bak1

D:\WINDOWS\system32\svvwa.ini

D:\WINDOWS\system32\algdnbwi.ini

D:\WINDOWS\system32\algdnbwi.ini2

D:\WINDOWS\system32\algdnbwi.tmp

D:\WINDOWS\system32\ojlrjjni.ini

D:\WINDOWS\system32\ojlrjjni.ini2

D:\WINDOWS\system32\ojlrjjni.tmp

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

D:\DOCUME~1\Jason\APPLIC~1.\macromedia\Flash Player\#SharedObjects\QTNRA75R\www.broadcaster.com

D:\DOCUME~1\Jason\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

D:\DOCUME~1\Jason\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

D:\DOCUME~1\Jason\Desktop\internet.lnk

D:\install.log

D:\Program Files\inetget2

D:\Program Files\ipwindows

D:\Program Files\ipwindows\ipwins.dll

D:\Program Files\ipwindows\ipwins.exe

D:\Program Files\ipwindows\UnInstall.exe

D:\WINDOWS\b122.exe

D:\WINDOWS\b136.exe

D:\WINDOWS\csrss.exe

D:\WINDOWS\retadpu172.exe

D:\WINDOWS\system32\comi.dll

D:\WINDOWS\system32\cookie.dat

D:\WINDOWS\system32\drivers\core.cache.dsk

D:\WINDOWS\system32\drivers\core.sys

D:\WINDOWS\system32\max1d1641.exe

D:\WINDOWS\system32\mp43.exe

D:\WINDOWS\system32\wmvds32.dll

D:\WINDOWS\Uninst2.htm

D:\WINDOWS\Unist1.htm

D:\WINDOWS\wr.txt

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CORE

-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS

-------\core

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

 

 

2007-06-17 12:13 49,152 --a------ D:\WINDOWS\nircmd.exe

2007-06-17 10:46 56,832 --a------ D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\szarkrmf.exe

2007-06-17 09:40 <DIR> d----c--- D:\VundoFix Backups

2007-06-16 22:09 1,922,048 --a------ D:\WINDOWS\system32\gdql_lsa.dll

2007-06-16 22:09 <DIR> d-------- D:\Program Files\Linksys EasyLink Advisor

2007-06-16 22:06 <DIR> d--h----- D:\DOCUME~1\Jason\APPLIC~1\GTek

2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\MUGE~1.N\APPLIC~1\Gtek

2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\Guest\APPLIC~1\Gtek

2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Gtek

2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek

2007-06-16 22:05 6,977 --a------ D:\WINDOWS\system32\DDMI2.sys

2007-06-16 22:05 6,656 --a------ D:\WINDOWS\system32\DLPT2.sys

2007-06-16 22:05 28,672 --a------ D:\WINDOWS\system32\drivers\goprot51.sys

2007-06-16 22:05 135,168 --a------ D:\WINDOWS\system32\GoProto.dll

2007-06-16 22:05 <DIR> d-ah----- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\GTek

2007-06-16 19:27 <DIR> d-------- D:\DOCUME~1\MUGE~1.N\APPLIC~1\Jasc Software Inc

2007-06-15 10:32 <DIR> d-------- D:\Program Files\Flash-SWF to AVI-GIF

2007-06-15 10:32 <DIR> d-------- D:\Program Files\Common Files\GeoVid

2007-06-15 10:32 <DIR> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\GeoVid

2007-06-15 10:31 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\GRETECH

2007-06-15 10:31 <DIR> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\GRETECH

2007-06-15 10:30 <DIR> d-------- D:\Program Files\Common Files\Jasc Software Inc

2007-06-15 10:17 6,696,960 --a------ D:\DOCUME~1\Jason\ntuser.dat

2007-06-12 08:33 122,900 --a------ D:\WINDOWS\system32\yumngbsa.exe

2007-06-11 16:43 <DIR> d-------- D:\Program Files\Character Patcher

2007-06-10 19:44 57,344 --a------ D:\WINDOWS\os1zn2mO7Z.exe

2007-06-10 05:33 76,412 --a------ D:\WINDOWS\system32\ahfyjtlg.dll.vir

2007-06-10 05:33 1 --a------ D:\WINDOWS\system32\ps.dat

2007-06-10 05:32 44,338 --a------ D:\WINDOWS\system32\cimm.dll

2007-06-09 20:21 <DIR> d-------- D:\Program Files\Advanced Batch Converter

2007-06-09 19:54 28,160 --a------ D:\WINDOWS\system32\sysmon32.exe

2007-06-09 19:53 <DIR> d-------- D:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\WhenU

2007-06-09 19:42 <DIR> d-------- D:\Program Files\Moyea

2007-06-09 19:33 33,302 --------- D:\WINDOWS\system32\ssqqolj.dll

2007-06-09 19:09 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\Eltima Software

2007-06-09 12:19 <DIR> d-------- D:\DOCUME~1\Jason\.SunDownloadManager

2007-06-02 21:14 <DIR> d-------- D:\Program Files\MKVtoolnix

2007-06-02 20:47 <DIR> d-------- D:\Program Files\MKVTOAVI

2007-06-02 20:44 <DIR> d-------- D:\Program Files\GeoVid

2007-06-02 20:44 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\GeoVid

2007-06-02 15:30 <DIR> d-------- D:\DOCUME~1\Jason\tutorial_mugen1

2007-06-01 09:29 <DIR> d-------- D:\Program Files\GRETECH

2007-05-23 20:34 <DIR> d-------- D:\Program Files\StepMania

2007-05-21 20:40 <DIR> d-------- D:\Program Files\Jasc Software Inc

2007-05-21 20:40 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\Jasc Software Inc

2007-05-19 13:40 <DIR> d-------- D:\Program Files\BackStreet Browser 3.1

2007-05-19 13:39 <DIR> d-------- D:\Program Files\WinHTTrack

2007-05-19 13:33 <DIR> d-------- D:\Program Files\SurfOffline

2007-05-18 19:44 <DIR> d-------- D:\Program Files\Common Files\Blizzard Entertainment

2007-05-18 09:40 <DIR> d-------- D:\DOCUME~1\MUGE~1.N\APPLIC~1\Real

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-17 15:12:41 -------- d-----w D:\Program Files\Starcraft

2007-06-17 13:56:09 -------- d-----w D:\Program Files\HJT

2007-06-15 14:31:14 -------- d-----w D:\Program Files\eMule

2007-06-15 14:18:12 -------- d-----w D:\Program Files\DAEMON Tools SearchBar

2007-06-15 13:43:20 664 ----a-w D:\WINDOWS\system32\d3d9caps.dat

2007-06-12 22:52:08 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\FrostWire

2007-06-11 20:48:19 286,720 ------w D:\WINDOWS\Setup1.exe

2007-05-25 13:08:00 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\AdobeUM

2007-05-17 14:41:28 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\uTorrent

2007-05-17 14:13:38 -------- d-----w D:\Program Files\ZipZag

2007-05-16 19:04:23 -------- d-----w D:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo

2007-05-14 22:20:42 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\Real

2007-05-14 22:18:40 -------- d-----w D:\Program Files\Common Files\xing shared

2007-05-14 22:18:38 -------- d-----w D:\Program Files\Common Files\Real

2007-05-14 22:18:28 -------- d-----w D:\Program Files\Real

2007-05-12 16:36:10 -------- d-----w D:\Program Files\IZArc

2007-05-12 16:29:03 1,676,001 -c--a-w D:\chi-chan.exe

2007-05-12 15:46:00 -------- d-----w D:\Program Files\Zipfusion

2007-05-12 15:45:20 -------- d-----w D:\Program Files\Game_Maker7

2007-05-12 15:30:21 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\ZipZag

2007-05-12 15:26:19 -------- d-----w D:\Program Files\GCA

2007-05-12 12:53:41 -------- d--h--w D:\Program Files\InstallShield Installation Information

2007-05-12 12:53:41 -------- d-----w D:\Program Files\YAMAHA

2007-05-12 03:02:28 -------- d-----w D:\Program Files\VideoLAN

2007-05-12 01:47:22 -------- d-----w D:\Program Files\Zoom Player

2007-05-04 23:41:04 -------- d-----w D:\Program Files\One Piece Grand Line-BETA

2007-05-02 22:06:19 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\VMware

2007-05-01 00:35:57 -------- d-----w D:\Program Files\TallStick

2007-05-01 00:35:38 -------- d-----w D:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo

2007-04-30 21:50:46 4,096 ----a-w D:\WINDOWS\d3dx.dat

2007-04-28 13:16:26 -------- d-----w D:\Program Files\Guitar Pro 5

2007-04-26 21:35:45 -------- d-----w D:\Program Files\DGCA

2007-04-25 01:30:49 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\Ringtone

2007-04-22 19:56:12 -------- d-----w D:\Program Files\DirPrn

2007-04-22 19:48:53 73,216 ------w D:\WINDOWS\ST6UNST.EXE

2007-04-22 02:16:30 -------- d-----w D:\Program Files\VirtuallTek

2007-04-19 01:17:29 -------- d-----w D:\Program Files\Altap Salamander 2.5 RC3

2007-04-17 19:42:19 -------- d-----w D:\Program Files\ZOO Digital Publishing

2007-04-17 19:29:05 -------- d-----w D:\Program Files\DAEMON Tools

2007-04-17 19:13:04 682,232 ----a-w D:\WINDOWS\system32\drivers\sptd.sys

2005-07-29 23:24:26 472 -csha-r D:\WINDOWS\SmFzb24gQ2hvbg\mAIWvZb0kZ1Sv0.vbs

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{25CB092F-48FA-4F9A-89CC-E90C51312A6A}=D:\WINDOWS\System32\awvtq.dll []

{3644117A-821A-4cc4-ADD5-226A6694F722}=D:\WINDOWS\System32\co.dll []

{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=D:\WINDOWS\System32\pgnxcslp.dll []

{9A06836A-0E41-429F-BC31-33C4348253Db}=D:\WINDOWS\System32\udccbhgk.dll []

{E50F832B-C808-4750-96D6-5B1B0F4A6B00}=D:\WINDOWS\System32\awtss.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-27 14:47]

"OutpostFeedBack"="D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe" []

"SigmatelSysTrayApp"="sttray.exe" []

"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34]

"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]

"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-14 18:18]

"ipmon"="ipmon.exe" []

"hwfutczk.exe"="D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe" []

"szarkrmf.exe"="D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe" [2007-06-17 10:46]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2002-08-20 18:08]

"Free Download Manager"="D:\Program Files\Free Download Manager\fdm.exe" []

"ctfmon.exe"="D:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:00]

"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]

"csrss"="D:\WINDOWS\csrss.exe" []

"EasyLinkAdvisor"="D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq]

D:\WINDOWS\System32\awvtq.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Jason^Start Menu^Programs^Startup^AdsGone.lnk]

path=D:\Documents and Settings\Jason\Start Menu\Programs\Startup\AdsGone.lnk

backup=D:\WINDOWS\pss\AdsGone.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Jason^Start Menu^Programs^Startup^GreatMemo.lnk]

path=D:\Documents and Settings\Jason\Start Menu\Programs\Startup\GreatMemo.lnk

backup=D:\WINDOWS\pss\GreatMemo.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

D:\Program Files\Free Download Manager\fdm.exe -autorun

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperProfessional]

"D:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

sttray.exe

 

*Newly Created Service* - GTNDIS5

 

Contents of the 'Scheduled Tasks' folder

2007-06-08 14:54:00 D:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-06-14 04:00:30 D:\WINDOWS\tasks\At1.job

2007-06-17 13:00:00 D:\WINDOWS\tasks\At10.job

2007-06-17 14:00:00 D:\WINDOWS\tasks\At11.job

2007-06-17 15:00:00 D:\WINDOWS\tasks\At12.job

2007-06-17 16:00:00 D:\WINDOWS\tasks\At13.job

2007-06-16 22:55:25 D:\WINDOWS\tasks\At14.job

2007-06-16 22:55:25 D:\WINDOWS\tasks\At15.job

2007-06-16 22:55:25 D:\WINDOWS\tasks\At16.job

2007-06-16 22:55:26 D:\WINDOWS\tasks\At17.job

2007-06-16 22:55:26 D:\WINDOWS\tasks\At18.job

2007-06-16 22:55:27 D:\WINDOWS\tasks\At19.job

2007-06-14 05:00:30 D:\WINDOWS\tasks\At2.job

2007-06-16 23:00:24 D:\WINDOWS\tasks\At20.job

2007-06-17 00:00:00 D:\WINDOWS\tasks\At21.job

2007-06-17 01:00:00 D:\WINDOWS\tasks\At22.job

2007-06-17 02:00:12 D:\WINDOWS\tasks\At23.job

2007-06-15 03:00:30 D:\WINDOWS\tasks\At24.job

2007-06-14 06:00:30 D:\WINDOWS\tasks\At3.job

2007-06-14 07:00:30 D:\WINDOWS\tasks\At4.job

2007-06-14 08:00:30 D:\WINDOWS\tasks\At5.job

2007-06-14 09:00:30 D:\WINDOWS\tasks\At6.job

2007-06-14 10:00:30 D:\WINDOWS\tasks\At7.job

2007-06-14 11:00:30 D:\WINDOWS\tasks\At8.job

2007-06-14 12:01:25 D:\WINDOWS\tasks\At9.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-17 12:18:52

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-17 12:20:46 - machine was rebooted

D:\ComboFix-quarantined-files.txt ... 2007-06-17 12:20

 

--- E O F ---

 

 

here is the SDfix log

 

 

SDFix: Version 1.88

 

Run by Jason on 07-06-17 at 12:32

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: D:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

D:\WINDOWS\system32\alog.txt - Deleted

D:\WINDOWS\system32\ps.dat - Deleted

D:\WINDOWS\system32\sysmon32.exe - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking D:\WINDOWS\

D:\WINDOWS

No streams found.

 

Checking D:\WINDOWS\system32

D:\WINDOWS\system32

No streams found.

 

Checking D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

No streams found.

 

Checking D:\WINDOWS\system32\ntoskrnl.exe

D:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"D:\\WINDOWS\\System32\\yumngbsa.exe"="D:\\WINDOWS\\System32\\yum"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files:

---------------

 

Backups Folder: - D:\SDFix\backups\backups.zip

 

Listing Files with Hidden Attributes:

 

D:\Program Files\BitLord\Downloads\Vipersdenforums.com ~ Gianna Micheals\Thumbs.db

D:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp

D:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp

D:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\395d7c487b907ace6e3ab1717abb0401\BIT65.tmp

D:\WINDOWS\system32\config\default.tmp.LOG

D:\WINDOWS\system32\config\sam.tmp.LOG

D:\WINDOWS\system32\config\security.tmp.LOG

D:\WINDOWS\system32\config\software.tmp.LOG

D:\WINDOWS\system32\config\system.tmp.LOG

 

Listing User Accounts:

 

User accounts for \\JASON-6O3MZY0B5

 

Administrator ASPNET Guest

HelpAssistant Jason M.U.G.E.N

SUPPORT_388945a0

 

 

Finished

and the HJT log

 

Logfile of HijackThis v1.99.1

Scan saved at 12:46, on 07-06-17

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\conime.exe

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

D:\WINDOWS\System32\yumngbsa.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\WINDOWS\Explorer.EXE

D:\Program Files\HJT\Analyse.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)

O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - D:\WINDOWS\System32\co.dll (file missing)

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - D:\WINDOWS\System32\pgnxcslp.dll (file missing)

O2 - BHO: (no name) - {9A06836A-0E41-429F-BC31-33C4348253Db} - D:\WINDOWS\System32\udccbhgk.dll (file missing)

O2 - BHO: (no name) - {E50F832B-C808-4750-96D6-5B1B0F4A6B00} - D:\WINDOWS\System32\awtss.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ipmon] ipmon.exe

O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe

O4 - HKLM\..\Run: [szarkrmf.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe

O4 - HKLM\..\Run: [sC2] D:\WINDOWS\System32\scchk32.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx

O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: DomainService - - D:\WINDOWS\System32\yumngbsa.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)


Hi Jason Chon..

 

Download Deljob.exe and save it on your desktop.

Double-click Deljob.exe.

 

A log (logit.txt) should open afterwards. This log will be present on your desktop.

Post the contents of the log in your next reply.

 

 

Run HijackThis

Click on "Do a system scan only"

Place a check next to these lines (if still present)

O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)

O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - D:\WINDOWS\System32\co.dll (file missing)

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - D:\WINDOWS\System32\pgnxcslp.dll (file missing)

O2 - BHO: (no name) - {9A06836A-0E41-429F-BC31-33C4348253Db} - D:\WINDOWS\System32\udccbhgk.dll (file missing)

O2 - BHO: (no name) - {E50F832B-C808-4750-96D6-5B1B0F4A6B00} - D:\WINDOWS\System32\awtss.dll (file missing)

O4 - HKLM\..\Run: [ipmon] ipmon.exe

O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe

O4 - HKLM\..\Run: [szarkrmf.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe

O4 - HKLM\..\Run: [sC2] D:\WINDOWS\System32\scchk32.exe

O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)

Then close all windows and browsers except HijackThis and click Fix Checked

 

Now, on your desktop, right-click on My Computer and select Explore..

Navigate to and delete all of the following Files and Folders in BOLD..

If you can't find a particular file/folder just go on to the next in the list..

 

D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe

D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe

D:\WINDOWS\System32\scchk32.exe

D:\WINDOWS\System32\ipmon.exe

 

If you receive errors when attempting to delete any of those files, boot to Safe Mode and go after them again.

 

Only if needed: HOW TO REBOOT INTO SAFE MODE

  • Restart your computer.
  • Tap the F8 key just before Windows starts to load.
  • Once "Advanced Options" appears, highlight "Safe Mode" and press Enter.

 

 

Please go here:

Click here to use the F-Secure Online Scanner

  • Then click the Start Scanning button below.
  • You should get a notification (bar on top) to install the ActiveX. Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and copy and paste what's present under results in your next reply.

 

Please post back with the logs from:

  • logit.txt
  • F_Secure
  • and a fresh HJT log.

Please update me on how your computer is running.... :thumbsup:


I'm sorry, but using F-Secure Online Scanner won't work for me because you have to be online to do it and my internet switches on and off randomly, so I have to keep restarting the scan because of this. Is there an alternative for this that doesn't require the use of the internet? If not, then I will try my best getting F-Secure to work.

 

Anyways, here are the logs from log.txt and HJT

 

 

 

--------------------------------------------------------

No LOP jobs found

--------------------------------------------------------

Files remaining after cleaning

 

AppleSoftwareUpdate.job

At1.job

At10.job

At11.job

At12.job

At13.job

At14.job

At15.job

At16.job

At17.job

At18.job

At19.job

At2.job

At20.job

At21.job

At22.job

At23.job

At24.job

At3.job

At4.job

At5.job

At6.job

At7.job

At8.job

At9.job

--------------------------------------------------------

App data folders

 

Volume in drive D is Local Disk

Volume Serial Number is 9C97-0F93

 

Directory of D:\Documents and Settings\Jason\Application Data

 

07-06-16 22:06 <DIR> .

07-06-16 22:06 <DIR> ..

07-03-02 16:28 <DIR> ACAMPREF

06-07-09 16:49 <DIR> ACDSYS~1 ACD Systems

06-11-24 14:15 <DIR> Adobe

07-05-25 09:08 <DIR> AdobeUM

06-06-07 18:17 <DIR> Aim

06-06-29 16:34 <DIR> APPLEC~1 Apple Computer

06-05-30 19:57 <DIR> CORECO~1 CoreCodec

07-06-09 19:09 <DIR> ELTIMA~1 Eltima Software

07-06-12 18:52 <DIR> FROSTW~1 FrostWire

07-06-09 19:59 <DIR> GeoVid

06-08-13 14:44 <DIR> Google

06-06-16 02:19 <DIR> GREATM~1 GreatMemo

07-06-15 10:31 <DIR> GRETECH

07-06-16 22:06 <DIR> GTek

06-05-23 17:38 <DIR> Help

06-05-12 11:46 <DIR> IDENTI~1 Identities

07-01-01 19:06 <DIR> INTERV~1 InterVideo

07-05-21 20:40 <DIR> JASCSO~1 Jasc Software Inc

06-05-13 00:59 <DIR> Lavasoft

06-05-14 19:19 <DIR> MACROM~1 Macromedia

06-11-11 16:17 <DIR> MICROS~1 Microsoft

06-05-12 12:20 <DIR> Mozilla

06-05-19 00:29 <DIR> NCHSWI~1 NCH Swift Sound

06-11-11 15:56 <DIR> OFFLIN~1 Offline Explorer

06-05-18 18:25 <DIR> PCTOOL~1 PC Tools

07-05-14 18:20 <DIR> Real

06-05-18 23:35 <DIR> RECORD~1 RecordPad

07-04-24 21:30 <DIR> Ringtone

06-06-26 00:26 <DIR> RIVERP~2 River Past G4

06-08-14 11:46 <DIR> SEVENZ~1 Seven Zip

06-12-31 16:21 <DIR> SOFTPL~1 Softplicity

06-05-13 18:36 <DIR> Sun

06-07-19 10:59 <DIR> Symantec

06-06-27 01:02 <DIR> URSoft

07-05-17 10:41 <DIR> uTorrent

06-10-02 10:07 <DIR> vlc

07-05-02 18:06 <DIR> VMware

06-08-24 03:57 <DIR> ZIPBAC~1 ZipBackupToCD

07-05-12 11:30 <DIR> ZipZag

0 File(s) 0 bytes

41 Dir(s) 9,961,418,752 bytes free

Volume in drive D is Local Disk

Volume Serial Number is 9C97-0F93

 

Directory of D:\Documents and Settings\All Users.WINDOWS\Application Data

 

07-06-17 20:37 <DIR> .

07-06-17 20:37 <DIR> ..

06-07-09 16:49 <DIR> ACDSYS~1 ACD Systems

07-06-15 10:31 <DIR> Adobe

07-04-28 08:47 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic

06-09-15 15:34 <DIR> AOLDOW~1 AOL Downloads

07-01-01 19:04 <DIR> APPLEC~1 Apple Computer

06-05-31 09:32 <DIR> CanonBJ

06-10-04 07:40 <DIR> CYBERL~1 CyberLink

07-06-15 10:32 <DIR> GeoVid

06-08-13 14:44 <DIR> Google

07-06-15 10:31 <DIR> GRETECH

07-06-16 22:06 <DIR> GTek

07-01-01 19:01 <DIR> INSTAL~1 InstallShield

07-03-04 11:05 <DIR> KSP

06-07-01 01:42 <DIR> MICROS~1 Microsoft

06-06-16 20:59 <DIR> MSN6

06-05-18 23:35 <DIR> NCHSWI~1 NCH Swift Sound

06-05-15 23:35 <DIR> QUICKT~1 QuickTime

06-06-28 17:30 <DIR> RIVERP~1 River Past G4

06-05-13 00:59 <DIR> SPYBOT~1 Spybot - Search & Destroy

06-07-19 20:11 <DIR> Symantec

06-06-04 20:43 <DIR> VIEWPO~1 Viewpoint

07-05-12 15:50 <DIR> VMware

06-05-16 17:58 <DIR> WINDOW~1 Windows Genuine Advantage

07-05-12 09:43 <DIR> WinZip

0 File(s) 0 bytes

26 Dir(s) 9,961,414,656 bytes free

--------------------------------------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:50, on 07-06-18

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\conime.exe

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\WINDOWS\System32\yumngbsa.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\taskmgr.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\Program Files\HJT\Analyse.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

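Added example, not part of the thread: one way to check that the entries the helper asked to be fixed are gone from the follow-up HijackThis log, and to list entries the fresh log still tags "(file missing)". The function names are hypothetical; the sample lines are copied from the helper's fix list and from the 07-06-18 log posted in this thread.

```python
import re

# A HijackThis item line looks like "O4 - HKLM\..\Run: [name] path".
ITEM_RE = re.compile(r"^(O\d+)\s+-\s+(.+)$")
MISSING_TAG = "(file missing)"

# Subset of the fix list quoted from the helper's post in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [sC2] D:\WINDOWS\System32\scchk32.exe
O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)
"""

# Excerpt of the follow-up log posted in this thread (scan saved at 14:50, on 07-06-18).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\yumngbsa.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)
"""


def parse_items(log_text):
    """Return (section, entry, file_missing) for every O-numbered line.

    Header lines, the running-process list and blank lines are skipped.
    """
    items = []
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if not match:
            continue
        section, entry = match.group(1), match.group(2).strip()
        missing = entry.endswith(MISSING_TAG)
        if missing:
            # Drop the tag so an entry compares equal whether or not
            # its target file still existed at scan time.
            entry = entry[: -len(MISSING_TAG)].rstrip()
        items.append((section, entry, missing))
    return items


def _key(section, entry):
    # Windows paths, value names and CLSIDs compare case-insensitively;
    # collapse whitespace so copy/paste differences do not cause misses.
    return section, " ".join(entry.lower().split())


def verify_fix(fix_list_text, fresh_log_text):
    """Sort fix-list entries into removed / still_present and list every
    fresh-log entry whose target file is gone but whose entry remains."""
    fresh = parse_items(fresh_log_text)
    fresh_keys = {_key(section, entry) for section, entry, _ in fresh}
    report = {"removed": [], "still_present": [], "file_missing": []}
    for section, entry, _ in parse_items(fix_list_text):
        bucket = "still_present" if _key(section, entry) in fresh_keys else "removed"
        report[bucket].append(f"{section} - {entry}")
    report["file_missing"] = [
        f"{section} - {entry}" for section, entry, missing in fresh if missing
    ]
    return report


if __name__ == "__main__":
    for bucket, lines in verify_fix(FIX_LIST, FRESH_LOG).items():
        print(f"{bucket}: {len(lines)}")
        for line in lines:
            print("  " + line)
```
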

Hi JASON CHON..

 

If you can't use online scans at the moment, let's try something else!..

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the following icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

 

Upload a File to Jotti

Please visit http://virusscan.jotti.org/

Click on Browse... and navigate to the following file: D:\WINDOWS\System32\yumngbsa.exe

Click Open (please be patient, as sometimes the server is busy and it can take a while).

Please let me know what the result is..

 

Please include in your next post:

  • The contents of DrWeb.csv
  • The result of the Jotti scan
  • And a fresh HJT log.

Also say what symptoms are remaining?

 

Thanks

Fred.. :thumbsup:


My computer is running more smoothly, no pop-ups, and the computer runs a lot faster!

Here's the logs

 

log from Dr.Web

 

setup.exe;D:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3852.1.16;Probably BACKDOOR.Trojan;Incurable.Moved.;

setup.exe;D:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20;Probably BACKDOOR.Trojan;Incurable.Moved.;

setup.exe;D:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;Incurable.Moved.;

000002DD.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002DE.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E0.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E1.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E2.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E3.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E4.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E5.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E6.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E7.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E8.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002E9.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002EA.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002EB.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002EC.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002ED.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002EE.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002EF.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F0.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F1.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F2.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F3.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F4.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F5.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F6.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F7.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F8.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002F9.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002FA.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002FB.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002FC.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002FD.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002FE.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

000002FF.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000300.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000301.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000302.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000303.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000304.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000305.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000306.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000307.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000308.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;


0000040C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000040D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000040E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000040F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000410.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000411.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000412.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000413.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000414.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000415.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000416.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000417.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000418.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000419.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000041A.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000041B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000041C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000041D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000041E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000041F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000420.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000421.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000422.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000423.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000424.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000425.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000426.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000427.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000428.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000429.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000042A.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000042B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000042C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000042D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000042E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000042F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000430.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000431.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000432.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000433.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000434.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000435.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000436.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000437.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000438.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000439.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000043A.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000043B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000043C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000043D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000043E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000043F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000440.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000441.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000442.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000443.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000444.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000445.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000446.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000447.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000448.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000449.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000044B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000044C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000044D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000044E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

0000044F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;

00000450.0;D:&



inst.exe;D:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;Incurable.Moved.;

inst.exe;D:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\triton_suite_install_2.3.30.1;Probably BACKDOOR.Trojan;Incurable.Moved.;

TS-AudioToMIDI.exe.vir;D:\Documents and Settings\Jason\Desktop\Some Kind of Crap;Win32.Liage.4;Cured.;

SetupDTSB.exe;D:\Program Files\DAEMON Tools;Adware.SaveNow;Incurable.Moved.;

search.dll;D:\Program Files\DAEMON Tools SearchBar;Adware.SaveNow;Incurable.Moved.;

ipwins.dll.vir;D:\QooBox\Quarantine\D\Program Files\Ipwindows;Trojan.Rond;Deleted.;

ipwins.exe.vir;D:\QooBox\Quarantine\D\Program Files\Ipwindows;Trojan.Rond;Deleted.;

UnInstall.exe.vir;D:\QooBox\Quarantine\D\Program Files\Ipwindows;Trojan.Rond;Deleted.;

csrss.exe.vir;D:\QooBox\Quarantine\D\WINDOWS;Trojan.LowZones.231;Deleted.;

retadpu172.exe.vir;D:\QooBox\Quarantine\D\WINDOWS;Trojan.DownLoader.23807;Deleted.;

awvvs.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.Virtumod;Deleted.;

comi.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.PWS.Banker.9983;Deleted.;

gqbhtxal.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.Virtumod;Deleted.;

max1d1641.exe.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Dialer.Maxd;Deleted.;

mp43.exe.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;BackDoor.Generic.1570;Deleted.;

winbjt32.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.Mezzia;Deleted.;

SVCH0ST(10).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(11).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(12).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(13).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(14).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(15).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(16).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(17).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(18).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(19).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(2).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(20).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(21).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(22).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(23).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(3).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(4).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(5).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(6).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(7).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(8).0XE;D:\Recycled;Win32.Liage.4;Cured.;

SVCH0ST(9).0XE;D:\Recycled;Win32.Liage.4;Cured.;

Process.exe;D:\SDFix\apps;Tool.Prockill;Incurable.Moved.;

A0042878.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP190;Trojan.DownLoader.22968;Deleted.;

A0042879.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP190;Trojan.DownLoader.22968;Deleted.;

A0042880.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP190;Trojan.DownLoader.22968;Deleted.;

A0043115.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP192;Adware.SaveNow;Incurable.Moved.;

A0043116.dll;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP192;Adware.Whenu;Incurable.Moved.;

A0043117.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP192;Adware.SaveNow;Incurable.Moved.;

A0043120.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP193;Adware.SaveNow;Incurable.Moved.;

smanager.7.exe~;D:\WINDOWS;Trojan.DownLoader.23032;Deleted.;

ahfyjtlg.dll.vir;D:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

CIMM.0LL;D:\WINDOWS\system32;Trojan.PWS.Banker.9870;Deleted.;

GTDownLS_125.ocx;D:\WINDOWS\system32;Adware.Gdown;Incurable.Moved.;

ssqqolj.dll;D:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

YUMNGBSA.0XE;D:\WINDOWS\system32;Trojan.EzulaAd;Will be cured after reboot.;

sgvxeehw.exe;C:\;Trojan.DownLoader.24029;Deleted.;

SYSGFVB.0XE;C:\;BackDoor.Generic.1578;Deleted.;

WYJGSA.0XE;C:\;Trojan.DownLoader.23811;Deleted.;

printhook030.dll;C:\Program Files\PrintView;Adware.PrintView;Incurable.Moved.;

pvmodule.exe;C:\Program Files\PrintView;Adware.PrintView;Incurable.Moved.;

 

the file scan

 

Scan taken on 20 Jun 2007 00:30:51 (GMT)

A-Squared

Found nothing

AntiVir

Found TR/Agent.aoy.1

ArcaVir

Found Trojan.Agent.Aoy

Avast

Found nothing

AVG Antivirus

Found Generic5.CF

BitDefender

Found Trojan.Fotomoto.A

ClamAV

Found nothing

Dr.Web

Found Trojan.EzulaAd

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found Trojan.Win32.Agent.aoy

Fortinet

Found nothing

Kaspersky Anti-Virus

Found Trojan.Win32.Agent.aoy

NOD32

Found nothing

Norman Virus Control

Found W32/Agent.BSOF

Panda Antivirus

Found Trj/Downloader.OZB

Rising Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found Trojan.Win32.Agent.aoy

 

the HJT log

 

Logfile of HijackThis v1.99.1

Scan saved at 15:06, on 07-06-20

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

D:\WINDOWS\System32\conime.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\Program Files\iPod\bin\iPodService.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\WINDOWS\System32\taskmgr.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\HJT\Analyse.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)


Hi JASON CHON...

Glad to hear your pc is running better now.. well done!!.. :thumbsup:

Almost there... :rolleyes:

 

Run HijackThis

Click on do a system scan only

Place a check next to these lines (if still present)

O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)

Then close all windows and browsers except HijackThis and click Fix Checked

 

Now, on your desktop, right click on My Computer and select Explore..

Navigate to and delete the following file in BOLD (if found) << might be gone already, but check to be sure!

 

D:\WINDOWS\System32\yumngbsa.exe

 

You might need to show hidden files to see it:

Only if needed

Reconfigure Windows XP to show hidden files:

  • Double-click the My Computer icon on the Windows desktop.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading select "Show hidden files and folders".
  • Uncheck the "Hide protected operating system files (recommended)" option.
  • Uncheck the "Hide file extensions for known file types" option.
  • Click Yes to confirm. Click Apply then Click Ok.

Let me know if you had to show hidden files as we need to "re-hide" them when we are finished!

 

If you receive errors when attempting to delete any of those files, boot to Safe Mode and go after them again.

 

Only if needed: HOW TO REBOOT INTO SAFE MODE

  • Restart your computer.
  • Tap the F8 key just before Windows starts to load.
  • Once "Advanced Options" appears, highlight "Safe Mode" and press Enter.

Reboot

Did you have any problems installing the firewall?

I don't see it in the running processes or services in the log??

 

I would like you to try the online scanner again to be sure you are clean before we deal with UPDATES and such..

  • You are running SP1 (should be SP2)
  • Java is way out of date

Click here to use the F-Secure Online Scanner

  • Then click the Start Scanning button below.
  • You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and copy and paste what's present under results in your next reply.

Please post back with the result of the online scan, and a fresh HJT log..

Also update me on any issues you are still experiencing (if any)?

 

Thanks

Fred.. :wave:
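
The check behind the O23 step in the post above, as an added example that is not part of the thread or of HijackThis: it cross-references "(file missing)" service entries against the scanner's detection list and the running-process list. The sample lines are copied from the logs posted in this thread; the function names and the verdict labels (`remove`, `keep`, `review`) are assumptions of this example.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis and Dr.Web logs in this thread.
HJT_LOG = r"""
Running processes:
D:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
"""

SCANNER_LOG = r"""
ssqqolj.dll;D:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
YUMNGBSA.0XE;D:\WINDOWS\system32;Trojan.EzulaAd;Will be cured after reboot.;
sgvxeehw.exe;C:\;Trojan.DownLoader.24029;Deleted.;
"""

SERVICE_PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"
# First executable path in a service command line, ignoring quotes and arguments.
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))', re.I)
# A bare "X:\...\name.exe" line, as listed under "Running processes:".
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)


def _key(path):
    """(directory, file stem), lower-cased, so a renamed extension still matches."""
    directory = ntpath.dirname(path).rstrip("\\").lower()
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    return directory, stem


def parse_detections(scanner_log):
    """Map (directory, stem) -> detection name from 'file;dir;detection;action;' lines."""
    found = {}
    for line in scanner_log.splitlines():
        fields = line.strip().split(";")
        if len(fields) >= 4 and fields[0]:
            found[_key(ntpath.join(fields[1], fields[0]))] = fields[2]
    return found


def triage(hjt_log, scanner_log):
    """Return {service name: (verdict, reason)} for O23 entries flagged file missing."""
    detections = parse_detections(scanner_log)
    lines = [line.strip() for line in hjt_log.splitlines()]
    running = {line.lower() for line in lines if PROCESS_RE.match(line)}
    verdicts = {}
    for line in lines:
        if not line.startswith(SERVICE_PREFIX):
            continue
        parts = line[len(SERVICE_PREFIX):].split(" - ", 2)
        if len(parts) != 3 or not parts[2].endswith(FILE_MISSING):
            continue  # malformed entry, or the service binary was found on disk
        name, _owner, target = parts
        match = EXE_RE.match(target[:-len(FILE_MISSING)])
        exe = match.group(1) if match else target
        if _key(exe) in detections:
            # The scanner removed this binary: the service entry is a leftover.
            verdicts[name] = ("remove", detections[_key(exe)])
        elif exe.lower() in running:
            # The flag is contradicted by the process list: leave the entry alone.
            verdicts[name] = ("keep", "binary is in the running process list")
        else:
            verdicts[name] = ("review", "no scanner hit and not running")
    return verdicts


if __name__ == "__main__":
    for service, (verdict, reason) in triage(HJT_LOG, SCANNER_LOG).items():
        print(f"{service}: {verdict} ({reason})")
```
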


here are the logs. I'm not going to be home till 3 days so expect a late response.

 

Scanning Report

Friday, June 22, 2007 18:19:18 - 22:18:56

 

Computer name: JASON-6O3MZY0B5

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\ D:\

Result: 20 malware found

Gobot.A (virus)

 

* D:\PROGRAM FILES\ZIPFUSION\ZFI.EXE (Submitted)

 

JS/Linker.V@troj (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1QUPGCL.DEFAULT\CACHE(2)\463F8EDBD01 (Submitted)

 

Packed.Win32.Morphine.a (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0045610.DLL (Submitted)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0045613.DLL (Submitted)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0047626.DLL (Submitted)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0047721.DLL (Submitted)

 

Tracking Cookie (spyware)

 

* System (Disinfected)

* System

 

Trojan-Downloader.Win32.Qoologic.at (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0061579.EXE (Renamed & Submitted)

 

W32/Agent.ANEH (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\PVMODULE.EXE (Submitted)

 

W32/Agent.ANEI (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\PRINTHOOK030.DLL (Submitted)

 

W32/Ezula.CV.dropper (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON CHON\LOCAL SETTINGS\TEMP\B2S_IRIS.EXE (Submitted)

 

W32/Istbar.AKU (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0046574.EXE (Submitted)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0046575.EXE (Submitted)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0062179.EXE (Submitted)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0062180.EXE (Submitted)

 

W32/Mirar.J.dropper (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0061541.EXE (Submitted)

 

W32/Smalldrp.GOJ (virus)

 

* D:\WINDOWS\SETUP90.EXE (Submitted)

 

W32/Smalldrp.IQK (virus)

 

* C:\WINDOWS\VISFX500.EXE (Submitted)

 

W32/Smalltroj.AYA (virus)

 

* D:\DOCUMENTS AND SETTINGS\JASON CHON\LOCAL SETTINGS\TEMP\AUPD.EXE (Submitted)

 

Statistics

Scanned:

 

* Files: 51287

* System: 4891

* Not scanned: 5

 

Actions:

 

* Disinfected: 1

* Renamed: 1

* Deleted: 0

* None: 18

* Submitted: 18

 

Files not scanned:

 

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\204FADA7B17E0057933138296468BDD7_CB8617D1-F10E-4177-96FA-88FB1EA23982

* D:\PAGEFILE.SYS

* D:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS

* D:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF8C6DA157DF5E0ADF86EAA03D4BA716_923730A9-7109-45DE-A08D-E047193B0C6D

 

 

HJT log

 

Logfile of HijackThis v1.99.1

Scan saved at 22:27, on 07-06-22

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

D:\WINDOWS\System32\conime.exe

D:\WINDOWS\System32\taskmgr.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program Files\iPod\bin\iPodService.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\DOCUME~1\Jason\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe

D:\DOCUME~1\Jason\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe

D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\Program Files\HJT\Analyse.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

 

there is nothing unusual about my computer now. seems like it's brand new ^_^


Hi JASON CHON..

"there is nothing unusual about my computer now. seems like its brand new ^_^"

Always good to hear!!.. :thumbsup:

 

Couple of things left to do.

 

I still see no indication in your log that you have a firewall installed and active!.

We need to get one running or you will soon get re-infected and back to square one!!.

 

Some good FREE firewalls are:

Please download only one of the above and install it to your computer

 

A tutorial on understanding and using firewalls may be found HERE.

 

You can get rid of any of the tools we have downloaded, they are updated almost daily so no use keeping them.

 

Delete the following folders:

 

D:\ComboFix\

D:\QooBox\

D:\SDFix\

D:\vundofix\

 

Also delete Deljob.exe and Dr.Web CureIt from your desktop (Along with any other tools/shortcuts etc).

 

Now, let's get on with updates:

 

You are still using XP with SP1 (Service Pack 1), there are a lot of vulnerabilities in SP1 which have been utilised by hijackers and malware creators etc.

It is CRITICAL that you upgrade your system to SP2 (Service Pack 2) IMMEDIATELY..

Windows XP has come a long way since SP1, and there are many security patches in SP2 that you need to keep your system secure.

 

To update windows Click Here

 

Please post back to confirm that the update to Service Pack 2 went ok as any problems could indicate further infection that we need to check out!

 

Thanks,

Fred.. :thumbsup:


the updates went ok BUT when i installed the firewalls, it gave me internet problems. the firewall wouldn't let me connect to the internet but i didn't know that so i had a hard time figuring it out. but besides the firewall problem, there seems to be no infections on my computer now ^_^


Hi JASON CHON..

 

Glad things went well.. :thumbsup:

What firewall did you choose to install??

Perhaps you inadvertently blocked something which affects your internet connection.

 

I use Kerio free version myself and had no problems with it..

When I first installed it I had to "set a rule" when programs asked for access etc, but once done it has run for about 2 years without trouble.

 

You could always try removing it and trying another to see what suits you..

Just make sure you don't connect to the internet without a firewall!

 

Please post a fresh HJT log for review and if it's clear, we should be good to go to prevention stuff to keep you clean in future..

 

Well done so far though!.. :thumbsup::thumbsup:

 

Fred..


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread.

 

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
