
in suspicion of a virus and occasional pop-ups


  • This topic is locked
19 replies to this topic

#1 JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 10 June 2007 - 06:54 PM

Not sure if I really do have a virus, but my AntiVir program keeps popping up with messages saying there is an unwanted program. Plus, there are occasional pop-ups, which makes it even more suspicious.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 19:50, on 07-06-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\DAEMON Tools SearchBar\Search.exe
D:\Program Files\DAEMON Tools SearchBar\whse.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\WhenU\DTAdapter.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\taskmgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\VirtuallTek\Fighter Factory\ff32.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\avp.exe
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\HJT\Analyse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9142C78F-3321-4F68-BA06-DAC6C8DB37FF} - D:\WINDOWS\System32\awtss.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - D:\Program Files\DAEMON Tools SearchBar\search.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WhenUSearch] "D:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "D:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EF323A15806F97BDE4417E70CE7C0726B954E1C2832211379926033AAC
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\System32\drvtaf.dll,startup
O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "D:\WINDOWS\System32\ksjyfgkf.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: awtss - D:\WINDOWS\System32\awtss.dll
O20 - Winlogon Notify: ssqqolj - D:\WINDOWS\SYSTEM32\ssqqolj.dll
O20 - Winlogon Notify: winbjt32 - D:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 13 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Fred_Flintstone

    Forum Deity

  • Trusted Advisor
  • 615 posts

Posted 14 June 2007 - 08:59 PM

Hi Jason Chon

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next post



My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 17 June 2007 - 08:58 AM

I am terribly sorry for the late reply. My internet was down for a while now.
Anyway, here are the logs:

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 09:40:37 07-06-17

Listing files found while scanning....

D:\windows\system32\awtss.dll
D:\WINDOWS\System32\awvtq.dll
D:\windows\system32\fkgfyjsk.ini
D:\windows\system32\ggmatuyn.exe
D:\windows\system32\ksjyfgkf.dll
D:\windows\system32\mmoahgew.dll
D:\windows\system32\pmnmmli.dll
D:\WINDOWS\System32\qtvwa.bak1
D:\WINDOWS\System32\qtvwa.ini
D:\windows\system32\ssqqolj.dll
D:\WINDOWS\System32\sstwa.ini
D:\windows\system32\xrhbcftw.dll

Beginning removal...

Attempting to delete D:\windows\system32\awtss.dll
D:\windows\system32\awtss.dll Could not be deleted.

Attempting to delete D:\windows\system32\fkgfyjsk.ini
D:\windows\system32\fkgfyjsk.ini Has been deleted!

Attempting to delete D:\windows\system32\ggmatuyn.exe
D:\windows\system32\ggmatuyn.exe Has been deleted!

Attempting to delete D:\windows\system32\ksjyfgkf.dll
D:\windows\system32\ksjyfgkf.dll Has been deleted!

Attempting to delete D:\windows\system32\mmoahgew.dll
D:\windows\system32\mmoahgew.dll Has been deleted!

Attempting to delete D:\windows\system32\pmnmmli.dll
D:\windows\system32\pmnmmli.dll Has been deleted!

Attempting to delete D:\WINDOWS\System32\qtvwa.bak1
D:\WINDOWS\System32\qtvwa.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\System32\qtvwa.ini
D:\WINDOWS\System32\qtvwa.ini Has been deleted!

Attempting to delete D:\windows\system32\ssqqolj.dll
D:\windows\system32\ssqqolj.dll Could not be deleted.

Attempting to delete D:\WINDOWS\System32\sstwa.ini
D:\WINDOWS\System32\sstwa.ini Has been deleted!

Attempting to delete D:\windows\system32\xrhbcftw.dll
D:\windows\system32\xrhbcftw.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\windows\system32\awtss.dll
D:\windows\system32\awtss.dll Has been deleted!

Attempting to delete D:\windows\system32\ssqqolj.dll
D:\windows\system32\ssqqolj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 09:56, on 07-06-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\System32\yumngbsa.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\csrss.exe
D:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\System32\taskmgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\HJT\Analyse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)
O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - D:\WINDOWS\System32\co.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - D:\WINDOWS\System32\pgnxcslp.dll (file missing)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - D:\WINDOWS\System32\ssqqolj.dll
O2 - BHO: (no name) - {9A06836A-0E41-429F-BC31-33C4348253Db} - D:\WINDOWS\System32\udccbhgk.dll (file missing)
O2 - BHO: (no name) - {E50F832B-C808-4750-96D6-5B1B0F4A6B00} - D:\WINDOWS\System32\awtss.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EF323A15806F97BDE4417E70CE7C0726B954E1C2832211379926033AAC
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe D:\WINDOWS\System32\drvtaf.dll,startup
O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "D:\WINDOWS\System32\pogfldqt.dll",realset
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [csrss] D:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [IpWins] D:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)
O20 - Winlogon Notify: winbjt32 - D:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - - D:\WINDOWS\System32\yumngbsa.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

#5 Fred_Flintstone

    Forum Deity

  • Trusted Advisor
  • 615 posts

Posted 17 June 2007 - 10:58 AM

Hi JASON CHON..

"I am terribly sorry for the late reply. My internet was down for a while now."

No problem, the thread would remain open for at least 10 days from your last post before I would get it closed / moved etc..
======================================================================


1. Download this file - ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Also..

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Please post back with the ComboFix log, the Contents of Report.txt and a fresh HJT log..


#6 JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 17 June 2007 - 11:46 AM

OK, so far no pop-ups.

Edited by JASON CHON, 17 June 2007 - 11:50 AM.


#7 JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 17 June 2007 - 11:48 AM

The ComboFix log:

ComboFix 07-06-13.7 - D:\Documents and Settings\Jason\Desktop\ComboFix.exe
"Jason" - 2007-06-17 12:13:44 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\awvvs.dll
D:\WINDOWS\system32\comi.dll
D:\WINDOWS\system32\gqbhtxal.dll
D:\WINDOWS\system32\injjrljo.dll
D:\WINDOWS\system32\iwbndgla.dll
D:\WINDOWS\system32\pogfldqt.dll
D:\WINDOWS\system32\winbjt32.dll
D:\WINDOWS\system32\svvwa.bak1
D:\WINDOWS\system32\svvwa.ini
D:\WINDOWS\system32\ojlrjjni.ini
D:\WINDOWS\system32\ojlrjjni.ini2
D:\WINDOWS\system32\ojlrjjni.tmp
D:\WINDOWS\system32\algdnbwi.ini
D:\WINDOWS\system32\algdnbwi.ini2
D:\WINDOWS\system32\algdnbwi.tmp
D:\WINDOWS\system32\tqdlfgop.ini
D:\WINDOWS\system32\svvwa.bak1
D:\WINDOWS\system32\svvwa.ini
D:\WINDOWS\system32\algdnbwi.ini
D:\WINDOWS\system32\algdnbwi.ini2
D:\WINDOWS\system32\algdnbwi.tmp
D:\WINDOWS\system32\ojlrjjni.ini
D:\WINDOWS\system32\ojlrjjni.ini2
D:\WINDOWS\system32\ojlrjjni.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\DOCUME~1\Jason\APPLIC~1.\macromedia\Flash Player\#SharedObjects\QTNRA75R\www.broadcaster.com
D:\DOCUME~1\Jason\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
D:\DOCUME~1\Jason\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
D:\DOCUME~1\Jason\Desktop\internet.lnk
D:\install.log
D:\Program Files\inetget2
D:\Program Files\ipwindows
D:\Program Files\ipwindows\ipwins.dll
D:\Program Files\ipwindows\ipwins.exe
D:\Program Files\ipwindows\UnInstall.exe
D:\WINDOWS\b122.exe
D:\WINDOWS\b136.exe
D:\WINDOWS\csrss.exe
D:\WINDOWS\retadpu172.exe
D:\WINDOWS\system32\comi.dll
D:\WINDOWS\system32\cookie.dat
D:\WINDOWS\system32\drivers\core.cache.dsk
D:\WINDOWS\system32\drivers\core.sys
D:\WINDOWS\system32\max1d1641.exe
D:\WINDOWS\system32\mp43.exe
D:\WINDOWS\system32\wmvds32.dll
D:\WINDOWS\Uninst2.htm
D:\WINDOWS\Unist1.htm
D:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-17 12:13 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-17 10:46 56,832 --a------ D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\szarkrmf.exe
2007-06-17 09:40 <DIR> d----c--- D:\VundoFix Backups
2007-06-16 22:09 1,922,048 --a------ D:\WINDOWS\system32\gdql_lsa.dll
2007-06-16 22:09 <DIR> d-------- D:\Program Files\Linksys EasyLink Advisor
2007-06-16 22:06 <DIR> d--h----- D:\DOCUME~1\Jason\APPLIC~1\GTek
2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\MUGE~1.N\APPLIC~1\Gtek
2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\Guest\APPLIC~1\Gtek
2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Gtek
2007-06-16 22:06 <DIR> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-06-16 22:05 6,977 --a------ D:\WINDOWS\system32\DDMI2.sys
2007-06-16 22:05 6,656 --a------ D:\WINDOWS\system32\DLPT2.sys
2007-06-16 22:05 28,672 --a------ D:\WINDOWS\system32\drivers\goprot51.sys
2007-06-16 22:05 135,168 --a------ D:\WINDOWS\system32\GoProto.dll
2007-06-16 22:05 <DIR> d-ah----- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\GTek
2007-06-16 19:27 <DIR> d-------- D:\DOCUME~1\MUGE~1.N\APPLIC~1\Jasc Software Inc
2007-06-15 10:32 <DIR> d-------- D:\Program Files\Flash-SWF to AVI-GIF
2007-06-15 10:32 <DIR> d-------- D:\Program Files\Common Files\GeoVid
2007-06-15 10:32 <DIR> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\GeoVid
2007-06-15 10:31 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\GRETECH
2007-06-15 10:31 <DIR> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\GRETECH
2007-06-15 10:30 <DIR> d-------- D:\Program Files\Common Files\Jasc Software Inc
2007-06-15 10:17 6,696,960 --a------ D:\DOCUME~1\Jason\ntuser.dat
2007-06-12 08:33 122,900 --a------ D:\WINDOWS\system32\yumngbsa.exe
2007-06-11 16:43 <DIR> d-------- D:\Program Files\Character Patcher
2007-06-10 19:44 57,344 --a------ D:\WINDOWS\os1zn2mO7Z.exe
2007-06-10 05:33 76,412 --a------ D:\WINDOWS\system32\ahfyjtlg.dll.vir
2007-06-10 05:33 1 --a------ D:\WINDOWS\system32\ps.dat
2007-06-10 05:32 44,338 --a------ D:\WINDOWS\system32\cimm.dll
2007-06-09 20:21 <DIR> d-------- D:\Program Files\Advanced Batch Converter
2007-06-09 19:54 28,160 --a------ D:\WINDOWS\system32\sysmon32.exe
2007-06-09 19:53 <DIR> d-------- D:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\WhenU
2007-06-09 19:42 <DIR> d-------- D:\Program Files\Moyea
2007-06-09 19:33 33,302 --------- D:\WINDOWS\system32\ssqqolj.dll
2007-06-09 19:09 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\Eltima Software
2007-06-09 12:19 <DIR> d-------- D:\DOCUME~1\Jason\.SunDownloadManager
2007-06-02 21:14 <DIR> d-------- D:\Program Files\MKVtoolnix
2007-06-02 20:47 <DIR> d-------- D:\Program Files\MKVTOAVI
2007-06-02 20:44 <DIR> d-------- D:\Program Files\GeoVid
2007-06-02 20:44 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\GeoVid
2007-06-02 15:30 <DIR> d-------- D:\DOCUME~1\Jason\tutorial_mugen1
2007-06-01 09:29 <DIR> d-------- D:\Program Files\GRETECH
2007-05-23 20:34 <DIR> d-------- D:\Program Files\StepMania
2007-05-21 20:40 <DIR> d-------- D:\Program Files\Jasc Software Inc
2007-05-21 20:40 <DIR> d-------- D:\DOCUME~1\Jason\APPLIC~1\Jasc Software Inc
2007-05-19 13:40 <DIR> d-------- D:\Program Files\BackStreet Browser 3.1
2007-05-19 13:39 <DIR> d-------- D:\Program Files\WinHTTrack
2007-05-19 13:33 <DIR> d-------- D:\Program Files\SurfOffline
2007-05-18 19:44 <DIR> d-------- D:\Program Files\Common Files\Blizzard Entertainment
2007-05-18 09:40 <DIR> d-------- D:\DOCUME~1\MUGE~1.N\APPLIC~1\Real


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 15:12:41 -------- d-----w D:\Program Files\Starcraft
2007-06-17 13:56:09 -------- d-----w D:\Program Files\HJT
2007-06-15 14:31:14 -------- d-----w D:\Program Files\eMule
2007-06-15 14:18:12 -------- d-----w D:\Program Files\DAEMON Tools SearchBar
2007-06-15 13:43:20 664 ----a-w D:\WINDOWS\system32\d3d9caps.dat
2007-06-12 22:52:08 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\FrostWire
2007-06-11 20:48:19 286,720 ------w D:\WINDOWS\Setup1.exe
2007-05-25 13:08:00 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\AdobeUM
2007-05-17 14:41:28 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\uTorrent
2007-05-17 14:13:38 -------- d-----w D:\Program Files\ZipZag
2007-05-16 19:04:23 -------- d-----w D:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
2007-05-14 22:20:42 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\Real
2007-05-14 22:18:40 -------- d-----w D:\Program Files\Common Files\xing shared
2007-05-14 22:18:38 -------- d-----w D:\Program Files\Common Files\Real
2007-05-14 22:18:28 -------- d-----w D:\Program Files\Real
2007-05-12 16:36:10 -------- d-----w D:\Program Files\IZArc
2007-05-12 16:29:03 1,676,001 -c--a-w D:\chi-chan.exe
2007-05-12 15:46:00 -------- d-----w D:\Program Files\Zipfusion
2007-05-12 15:45:20 -------- d-----w D:\Program Files\Game_Maker7
2007-05-12 15:30:21 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\ZipZag
2007-05-12 15:26:19 -------- d-----w D:\Program Files\GCA
2007-05-12 12:53:41 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-05-12 12:53:41 -------- d-----w D:\Program Files\YAMAHA
2007-05-12 03:02:28 -------- d-----w D:\Program Files\VideoLAN
2007-05-12 01:47:22 -------- d-----w D:\Program Files\Zoom Player
2007-05-04 23:41:04 -------- d-----w D:\Program Files\One Piece Grand Line-BETA
2007-05-02 22:06:19 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\VMware
2007-05-01 00:35:57 -------- d-----w D:\Program Files\TallStick
2007-05-01 00:35:38 -------- d-----w D:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-04-30 21:50:46 4,096 ----a-w D:\WINDOWS\d3dx.dat
2007-04-28 13:16:26 -------- d-----w D:\Program Files\Guitar Pro 5
2007-04-26 21:35:45 -------- d-----w D:\Program Files\DGCA
2007-04-25 01:30:49 -------- d-----w D:\DOCUME~1\Jason\APPLIC~1\Ringtone
2007-04-22 19:56:12 -------- d-----w D:\Program Files\DirPrn
2007-04-22 19:48:53 73,216 ------w D:\WINDOWS\ST6UNST.EXE
2007-04-22 02:16:30 -------- d-----w D:\Program Files\VirtuallTek
2007-04-19 01:17:29 -------- d-----w D:\Program Files\Altap Salamander 2.5 RC3
2007-04-17 19:42:19 -------- d-----w D:\Program Files\ZOO Digital Publishing
2007-04-17 19:29:05 -------- d-----w D:\Program Files\DAEMON Tools
2007-04-17 19:13:04 682,232 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2005-07-29 23:24:26 472 -csha-r D:\WINDOWS\SmFzb24gQ2hvbg\mAIWvZb0kZ1Sv0.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{25CB092F-48FA-4F9A-89CC-E90C51312A6A}=D:\WINDOWS\System32\awvtq.dll []
{3644117A-821A-4cc4-ADD5-226A6694F722}=D:\WINDOWS\System32\co.dll []
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=D:\WINDOWS\System32\pgnxcslp.dll []
{9A06836A-0E41-429F-BC31-33C4348253Db}=D:\WINDOWS\System32\udccbhgk.dll []
{E50F832B-C808-4750-96D6-5B1B0F4A6B00}=D:\WINDOWS\System32\awtss.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-27 14:47]
"OutpostFeedBack"="D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe" []
"SigmatelSysTrayApp"="sttray.exe" []
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-14 18:18]
"ipmon"="ipmon.exe" []
"hwfutczk.exe"="D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe" []
"szarkrmf.exe"="D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe" [2007-06-17 10:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2002-08-20 18:08]
"Free Download Manager"="D:\Program Files\Free Download Manager\fdm.exe" []
"ctfmon.exe"="D:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:00]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]
"csrss"="D:\WINDOWS\csrss.exe" []
"EasyLinkAdvisor"="D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq]
D:\WINDOWS\System32\awvtq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Jason^Start Menu^Programs^Startup^AdsGone.lnk]
path=D:\Documents and Settings\Jason\Start Menu\Programs\Startup\AdsGone.lnk
backup=D:\WINDOWS\pss\AdsGone.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Jason^Start Menu^Programs^Startup^GreatMemo.lnk]
path=D:\Documents and Settings\Jason\Start Menu\Programs\Startup\GreatMemo.lnk
backup=D:\WINDOWS\pss\GreatMemo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
D:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperProfessional]
"D:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-06-08 14:54:00 D:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-14 04:00:30 D:\WINDOWS\tasks\At1.job
2007-06-17 13:00:00 D:\WINDOWS\tasks\At10.job
2007-06-17 14:00:00 D:\WINDOWS\tasks\At11.job
2007-06-17 15:00:00 D:\WINDOWS\tasks\At12.job
2007-06-17 16:00:00 D:\WINDOWS\tasks\At13.job
2007-06-16 22:55:25 D:\WINDOWS\tasks\At14.job
2007-06-16 22:55:25 D:\WINDOWS\tasks\At15.job
2007-06-16 22:55:25 D:\WINDOWS\tasks\At16.job
2007-06-16 22:55:26 D:\WINDOWS\tasks\At17.job
2007-06-16 22:55:26 D:\WINDOWS\tasks\At18.job
2007-06-16 22:55:27 D:\WINDOWS\tasks\At19.job
2007-06-14 05:00:30 D:\WINDOWS\tasks\At2.job
2007-06-16 23:00:24 D:\WINDOWS\tasks\At20.job
2007-06-17 00:00:00 D:\WINDOWS\tasks\At21.job
2007-06-17 01:00:00 D:\WINDOWS\tasks\At22.job
2007-06-17 02:00:12 D:\WINDOWS\tasks\At23.job
2007-06-15 03:00:30 D:\WINDOWS\tasks\At24.job
2007-06-14 06:00:30 D:\WINDOWS\tasks\At3.job
2007-06-14 07:00:30 D:\WINDOWS\tasks\At4.job
2007-06-14 08:00:30 D:\WINDOWS\tasks\At5.job
2007-06-14 09:00:30 D:\WINDOWS\tasks\At6.job
2007-06-14 10:00:30 D:\WINDOWS\tasks\At7.job
2007-06-14 11:00:30 D:\WINDOWS\tasks\At8.job
2007-06-14 12:01:25 D:\WINDOWS\tasks\At9.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 12:18:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 12:20:46 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-06-17 12:20

--- E O F ---


here is the SDfix log


SDFix: Version 1.88

Run by Jason on 07-06-17 at 12:32

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

D:\WINDOWS\system32\alog.txt - Deleted
D:\WINDOWS\system32\ps.dat - Deleted
D:\WINDOWS\system32\sysmon32.exe - Deleted



Removing Temp Files...

ADS Check:

Checking D:\WINDOWS\
D:\WINDOWS
No streams found.

Checking D:\WINDOWS\system32
D:\WINDOWS\system32
No streams found.

Checking D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
No streams found.

Checking D:\WINDOWS\system32\ntoskrnl.exe
D:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\WINDOWS\\System32\\yumngbsa.exe"="D:\\WINDOWS\\System32\\yum"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - D:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

D:\Program Files\BitLord\Downloads\Vipersdenforums.com ~ Gianna Micheals\Thumbs.db
D:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
D:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
D:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\395d7c487b907ace6e3ab1717abb0401\BIT65.tmp
D:\WINDOWS\system32\config\default.tmp.LOG
D:\WINDOWS\system32\config\sam.tmp.LOG
D:\WINDOWS\system32\config\security.tmp.LOG
D:\WINDOWS\system32\config\software.tmp.LOG
D:\WINDOWS\system32\config\system.tmp.LOG

Listing User Accounts:

User accounts for \\JASON-6O3MZY0B5

Administrator ASPNET Guest
HelpAssistant Jason M.U.G.E.N
SUPPORT_388945a0


Finished
and the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 12:46, on 07-06-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\conime.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\System32\yumngbsa.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\HJT\Analyse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)
O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - D:\WINDOWS\System32\co.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - D:\WINDOWS\System32\pgnxcslp.dll (file missing)
O2 - BHO: (no name) - {9A06836A-0E41-429F-BC31-33C4348253Db} - D:\WINDOWS\System32\udccbhgk.dll (file missing)
O2 - BHO: (no name) - {E50F832B-C808-4750-96D6-5B1B0F4A6B00} - D:\WINDOWS\System32\awtss.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [szarkrmf.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe
O4 - HKLM\..\Run: [SC2] D:\WINDOWS\System32\scchk32.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - - D:\WINDOWS\System32\yumngbsa.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

#8 Fred_Flintstone

Fred_Flintstone

    Forum Deity

  • Trusted Advisor
  • 615 posts

Posted 17 June 2007 - 07:24 PM

Hi Jason Chan..

Download Deljob.exe and save it on your desktop.
Doubleclick Deljob.exe

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the log in your next reply.


Run HijackThis
Click on do a system scan only
Place a check next to these lines(if still present)

O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)
O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - D:\WINDOWS\System32\co.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - D:\WINDOWS\System32\pgnxcslp.dll (file missing)
O2 - BHO: (no name) - {9A06836A-0E41-429F-BC31-33C4348253Db} - D:\WINDOWS\System32\udccbhgk.dll (file missing)
O2 - BHO: (no name) - {E50F832B-C808-4750-96D6-5B1B0F4A6B00} - D:\WINDOWS\System32\awtss.dll (file missing)
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [szarkrmf.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe
O4 - HKLM\..\Run: [SC2] D:\WINDOWS\System32\scchk32.exe
O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)

Then close all windows and browsers except HijackThis and click Fix Checked

Now, on your desktop..Right click on My Computer select Explore..
Navigate to and delete all of the following Files and Folders in BOLD..
If you can't find a particular file/folder just go on to the next in the list..

D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe
D:\Documents and Settings\All Users.WINDOWS\Application Data\szarkrmf.exe
D:\WINDOWS\System32\scchk32.exe
D:\WINDOWS\System32\ipmon.exe

If you receive errors when attempting to delete any of those files, boot to Safe Mode and go after them again.

Only if needed HOW TO REBOOT INTO SAFE MODE
  • Restart your computer.
  • Tap the F8 key just before Windows starts to load.
  • Once "Advanced Options" appears, highlight "Safe Mode" and press Enter.


Please go here:
Click here to use the F-Secure Online Scanner
  • Then click the Start Scanning button below.
  • You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and copy and paste what's present under results in your next reply.

Please post back with the logs from:
  • logit.txt
  • F_Secure
  • and a fresh HJT log.
Please update me on how your computer is running.... :thumbsup:


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#9 JASON CHON

JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 18 June 2007 - 01:54 PM

(delete this post)

Edited by JASON CHON, 19 June 2007 - 10:58 AM.


#10 JASON CHON

JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 19 June 2007 - 10:50 AM

(delete this post)

Edited by JASON CHON, 19 June 2007 - 10:58 AM.


#11 JASON CHON

JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 19 June 2007 - 10:50 AM

I'm sorry but using F-Secure Online Scanner won't work for me because you have to be online to do it and my internet switches on and off randomly. so i have to keep restarting the scan because of this. is there an alternate for this that doesn't require the use of the internet? if not then i will try my best getting f-secure to work.

anyways here are the logs from log.txt and HJT



--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
At1.job
At10.job
At11.job
At12.job
At13.job
At14.job
At15.job
At16.job
At17.job
At18.job
At19.job
At2.job
At20.job
At21.job
At22.job
At23.job
At24.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
At9.job
--------------------------------------------------------
App data folders

Volume in drive D is Local Disk
Volume Serial Number is 9C97-0F93

Directory of D:\Documents and Settings\Jason\Application Data

07-06-16 22:06 <DIR> .
07-06-16 22:06 <DIR> ..
07-03-02 16:28 <DIR> ACAMPREF
06-07-09 16:49 <DIR> ACDSYS~1 ACD Systems
06-11-24 14:15 <DIR> Adobe
07-05-25 09:08 <DIR> AdobeUM
06-06-07 18:17 <DIR> Aim
06-06-29 16:34 <DIR> APPLEC~1 Apple Computer
06-05-30 19:57 <DIR> CORECO~1 CoreCodec
07-06-09 19:09 <DIR> ELTIMA~1 Eltima Software
07-06-12 18:52 <DIR> FROSTW~1 FrostWire
07-06-09 19:59 <DIR> GeoVid
06-08-13 14:44 <DIR> Google
06-06-16 02:19 <DIR> GREATM~1 GreatMemo
07-06-15 10:31 <DIR> GRETECH
07-06-16 22:06 <DIR> GTek
06-05-23 17:38 <DIR> Help
06-05-12 11:46 <DIR> IDENTI~1 Identities
07-01-01 19:06 <DIR> INTERV~1 InterVideo
07-05-21 20:40 <DIR> JASCSO~1 Jasc Software Inc
06-05-13 00:59 <DIR> Lavasoft
06-05-14 19:19 <DIR> MACROM~1 Macromedia
06-11-11 16:17 <DIR> MICROS~1 Microsoft
06-05-12 12:20 <DIR> Mozilla
06-05-19 00:29 <DIR> NCHSWI~1 NCH Swift Sound
06-11-11 15:56 <DIR> OFFLIN~1 Offline Explorer
06-05-18 18:25 <DIR> PCTOOL~1 PC Tools
07-05-14 18:20 <DIR> Real
06-05-18 23:35 <DIR> RECORD~1 RecordPad
07-04-24 21:30 <DIR> Ringtone
06-06-26 00:26 <DIR> RIVERP~2 River Past G4
06-08-14 11:46 <DIR> SEVENZ~1 Seven Zip
06-12-31 16:21 <DIR> SOFTPL~1 Softplicity
06-05-13 18:36 <DIR> Sun
06-07-19 10:59 <DIR> Symantec
06-06-27 01:02 <DIR> URSoft
07-05-17 10:41 <DIR> uTorrent
06-10-02 10:07 <DIR> vlc
07-05-02 18:06 <DIR> VMware
06-08-24 03:57 <DIR> ZIPBAC~1 ZipBackupToCD
07-05-12 11:30 <DIR> ZipZag
0 File(s) 0 bytes
41 Dir(s) 9,961,418,752 bytes free
Volume in drive D is Local Disk
Volume Serial Number is 9C97-0F93

Directory of D:\Documents and Settings\All Users.WINDOWS\Application Data

07-06-17 20:37 <DIR> .
07-06-17 20:37 <DIR> ..
06-07-09 16:49 <DIR> ACDSYS~1 ACD Systems
07-06-15 10:31 <DIR> Adobe
07-04-28 08:47 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic
06-09-15 15:34 <DIR> AOLDOW~1 AOL Downloads
07-01-01 19:04 <DIR> APPLEC~1 Apple Computer
06-05-31 09:32 <DIR> CanonBJ
06-10-04 07:40 <DIR> CYBERL~1 CyberLink
07-06-15 10:32 <DIR> GeoVid
06-08-13 14:44 <DIR> Google
07-06-15 10:31 <DIR> GRETECH
07-06-16 22:06 <DIR> GTek
07-01-01 19:01 <DIR> INSTAL~1 InstallShield
07-03-04 11:05 <DIR> KSP
06-07-01 01:42 <DIR> MICROS~1 Microsoft
06-06-16 20:59 <DIR> MSN6
06-05-18 23:35 <DIR> NCHSWI~1 NCH Swift Sound
06-05-15 23:35 <DIR> QUICKT~1 QuickTime
06-06-28 17:30 <DIR> RIVERP~1 River Past G4
06-05-13 00:59 <DIR> SPYBOT~1 Spybot - Search & Destroy
06-07-19 20:11 <DIR> Symantec
06-06-04 20:43 <DIR> VIEWPO~1 Viewpoint
07-05-12 15:50 <DIR> VMware
06-05-16 17:58 <DIR> WINDOW~1 Windows Genuine Advantage
07-05-12 09:43 <DIR> WinZip
0 File(s) 0 bytes
26 Dir(s) 9,961,414,656 bytes free
--------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 14:50, on 07-06-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\conime.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\System32\yumngbsa.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\taskmgr.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\HJT\Analyse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

#12 Fred_Flintstone

Fred_Flintstone

    Forum Deity

  • Trusted Advisor
  • 615 posts

Posted 19 June 2007 - 01:19 PM

Hi JASON CHON..

If you can't use online scans at the moment, let's try something else!..

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

Upload a File to Jotti
Please visit http://virusscan.jotti.org/
Click on Browse... and navigate to the following file: D:\WINDOWS\System32\yumngbsa.exe
Click Open(Please be patient as sometimes the server is busy and it can take a while).
Please let me know what the result is..

Please include in your next post:
  • The contents of DrWeb.csv
  • The result of the Jotti scan
  • And a fresh HJT log.
Also say what symptoms are remaining?

Thanks
Fred.. :thumbsup:


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
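A fresh HijackThis log can be checked against the fix list from post #8 mechanically, and its "(file missing)" entries can be cross-checked against the running-process list. The following is an added example, not part of the original thread or of any tool mentioned in it: the log excerpts are copied from the posts above, the function names are hypothetical, and treating a "(file missing)" entry whose path is also listed as a running process as something to examine further is an assumption of this example.

```python
import re

MISSING = "(file missing)"

# Excerpt of the fix list from post #8 (copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {25CB092F-48FA-4F9A-89CC-E90C51312A6A} - D:\WINDOWS\System32\awvtq.dll (file missing)
O2 - BHO: H - {3644117A-821A-4cc4-ADD5-226A6694F722} - D:\WINDOWS\System32\co.dll (file missing)
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [SC2] D:\WINDOWS\System32\scchk32.exe
O20 - Winlogon Notify: awvtq - D:\WINDOWS\System32\awvtq.dll (file missing)
"""

# Excerpt of the fresh log from post #11 (copied from the thread, shortened).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\System32\yumngbsa.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, O-numbered entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
        elif re.match(r"^O\d+ - ", line):
            in_procs = False
            entries.append(line)
        elif in_procs:
            processes.append(line)
    return processes, entries


def normalise(entry):
    """Drop the '(file missing)' marker and case so the same entry matches across logs."""
    if entry.endswith(MISSING):
        entry = entry[: -len(MISSING)]
    return " ".join(entry.split()).casefold()


def still_present(fix_text, log_text):
    """Return the fix-list entries that still appear in the given log."""
    _, wanted = parse_hjt(fix_text)
    _, found = parse_hjt(log_text)
    seen = {normalise(e) for e in found}
    return [e for e in wanted if normalise(e) in seen]


def missing_but_running(log_text):
    """Return '(file missing)' entries whose path is also listed as a running process."""
    processes, entries = parse_hjt(log_text)
    running = {p.casefold() for p in processes}
    hits = []
    for entry in entries:
        if not entry.endswith(MISSING):
            continue
        # The file path is the last ' - ' separated field, minus the marker.
        path = entry[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
        if path.casefold() in running:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, FRESH_LOG)
    print("fix-list entries still present:", len(leftovers))
    for entry in leftovers:
        print("  ", entry)
    print("reported missing but running:")
    for entry in missing_but_running(FRESH_LOG):
        print("  ", entry)
```

On the excerpts above, none of the fix-list entries remain, and the only entry reported both missing and running is the DomainService line for yumngbsa.exe, the file post #12 asks to be uploaded for scanning.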

#13 JASON CHON

JASON CHON

    Member

  • Full Member
  • 20 posts

Posted 20 June 2007 - 02:09 PM

my computer is running more smoothly, no pop ups, and computer runs a lot faster!
here's the logs

log from Dr.Web

setup.exe;D:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3852.1.16;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;D:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;D:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
000002DD.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002DE.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E0.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E1.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E2.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E3.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E4.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E5.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E6.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E7.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E8.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002E9.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002EA.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002EB.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002EC.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002ED.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002EE.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002EF.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F0.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F1.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F2.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F3.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F4.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F5.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F6.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F7.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F8.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002F9.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002FA.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002FB.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002FC.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002FD.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002FE.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
000002FF.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000300.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000301.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000302.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000303.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000304.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000305.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000306.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000307.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000040C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000040D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000040E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000040F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000410.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000411.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000412.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000413.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000414.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000415.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000416.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000417.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000418.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000419.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000041A.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000041B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000041C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000041D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000041E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000041F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000420.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000421.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000422.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000423.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000424.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000425.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000426.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000427.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000428.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000429.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000042A.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000042B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000042C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000042D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000042E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000042F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000430.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000431.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000432.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000433.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000434.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000435.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000436.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000437.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000438.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000439.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000043A.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000043B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000043C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000043D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000043E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000043F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000440.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000441.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000442.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000443.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000444.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000445.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000446.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000447.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000448.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000449.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000044B.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000044C.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000044D.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000044E.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
0000044F.0;D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Trojan.FakeSetup;Deleted.;
00000450.0;D:&

#14 JASON CHON


Posted 20 June 2007 - 02:13 PM

inst.exe;D:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;D:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\triton_suite_install_2.3.30.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
TS-AudioToMIDI.exe.vir;D:\Documents and Settings\Jason\Desktop\Some Kind of Crap;Win32.Liage.4;Cured.;
SetupDTSB.exe;D:\Program Files\DAEMON Tools;Adware.SaveNow;Incurable.Moved.;
search.dll;D:\Program Files\DAEMON Tools SearchBar;Adware.SaveNow;Incurable.Moved.;
ipwins.dll.vir;D:\QooBox\Quarantine\D\Program Files\Ipwindows;Trojan.Rond;Deleted.;
ipwins.exe.vir;D:\QooBox\Quarantine\D\Program Files\Ipwindows;Trojan.Rond;Deleted.;
UnInstall.exe.vir;D:\QooBox\Quarantine\D\Program Files\Ipwindows;Trojan.Rond;Deleted.;
csrss.exe.vir;D:\QooBox\Quarantine\D\WINDOWS;Trojan.LowZones.231;Deleted.;
retadpu172.exe.vir;D:\QooBox\Quarantine\D\WINDOWS;Trojan.DownLoader.23807;Deleted.;
awvvs.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.Virtumod;Deleted.;
comi.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.PWS.Banker.9983;Deleted.;
gqbhtxal.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.Virtumod;Deleted.;
max1d1641.exe.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Dialer.Maxd;Deleted.;
mp43.exe.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;BackDoor.Generic.1570;Deleted.;
winbjt32.dll.vir;D:\QooBox\Quarantine\D\WINDOWS\system32;Trojan.Mezzia;Deleted.;
SVCH0ST(10).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(11).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(12).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(13).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(14).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(15).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(16).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(17).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(18).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(19).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(2).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(20).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(21).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(22).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(23).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(3).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(4).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(5).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(6).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(7).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(8).0XE;D:\Recycled;Win32.Liage.4;Cured.;
SVCH0ST(9).0XE;D:\Recycled;Win32.Liage.4;Cured.;
Process.exe;D:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0042878.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP190;Trojan.DownLoader.22968;Deleted.;
A0042879.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP190;Trojan.DownLoader.22968;Deleted.;
A0042880.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP190;Trojan.DownLoader.22968;Deleted.;
A0043115.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP192;Adware.SaveNow;Incurable.Moved.;
A0043116.dll;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP192;Adware.Whenu;Incurable.Moved.;
A0043117.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP192;Adware.SaveNow;Incurable.Moved.;
A0043120.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP193;Adware.SaveNow;Incurable.Moved.;
A0043157.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP193;Adware.Whenu;Incurable.Moved.;
A0043158.exe;D:\System Volume Information\_restore{4842E861-D8FB-4697-ACDD-834E457C1130}\RP193;Adware.SaveNow;Incurable.Moved.;

the file scan

Scan taken on 20 Jun 2007 00:30:51 (GMT)
A-Squared: Found nothing
AntiVir: Found TR/Agent.aoy.1
ArcaVir: Found Trojan.Agent.Aoy
Avast: Found nothing
AVG Antivirus: Found Generic5.CF
BitDefender: Found Trojan.Fotomoto.A
ClamAV: Found nothing
Dr.Web: Found Trojan.EzulaAd
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found Trojan.Win32.Agent.aoy
Fortinet: Found nothing
Kaspersky Anti-Virus: Found Trojan.Win32.Agent.aoy
NOD32: Found nothing
Norman Virus Control: Found W32/Agent.BSOF
Panda Antivirus: Found Trj/Downloader.OZB
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found Trojan.Win32.Agent.aoy

the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 15:06, on 07-06-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\System32\taskmgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HJT\Analyse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

#15 Fred_Flintstone

Posted 21 June 2007 - 01:57 AM

Hi JASON CHON...
Glad to hear your pc is running better now.. well done!!.. :thumbsup:
Almost there... :rolleyes:

Run HijackThis
Click on do a system scan only
Place a check next to these lines (if still present)

O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)

Then close all windows and browsers except HijackThis and click Fix Checked

Now, on your desktop..Right click on My Computer select Explore..
Navigate to and delete all of the following files in BOLD.. (If found) << might be gone already, but check to be sure!

D:\WINDOWS\System32\yumngbsa.exe

You might need to show hidden files to see it:
Only if needed
Reconfigure Windows XP to show hidden files:
  • Double-click the My Computer icon on the Windows desktop.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading select "Show hidden files and folders".
  • Uncheck the "Hide protected operating system files (recommended)" option.
  • Uncheck the "Hide file extensions for known file types" option.
  • Click Yes to confirm. Click Apply then Click Ok.
Let me know if you had to show hidden files as we need to "re-hide" them when we are finished!

If you receive errors when attempting to delete any of those files, boot to Safe Mode and go after them again.

Only if needed HOW TO REBOOT INTO SAFE MODE
  • Restart your computer.
  • Tap the F8 key just before Windows starts to load.
  • Once "Advanced Options" appears, highlight "Safe Mode" and press Enter.
Reboot
Did you have any problems installing the firewall?
I don't see it in the running processes or services in the log??

I would like you to try the online scanner again to be sure you are clean before we deal with UPDATES and such..
  • You are running SP1 (should be SP2)
  • Java is way out of date
Click here to use the F-Secure Online Scanner
  • Then click the Start Scanning button below.
  • You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and copy and paste what's present under results in your next reply.
Please post back with the result of the online scan, and a fresh HJT log..
Also update me on any issues you are still experiencing (if any)?

Thanks
Fred.. :wave:


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
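
The O23 check from the reply above, as an added Python example (not part of the original post and not HijackThis code): it parses the O23 service lines from an excerpt of the log posted in this thread and separates a service whose binary is really gone from one where "(file missing)" sits next to a quoted path whose executable is still running. The function names and the running-process heuristic are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted in this thread (trimmed to the relevant lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\services.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\yumngbsa.exe (file missing)
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
"""

# O23 line layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_LINE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            procs.add(line.lower())
    return procs


def triage_services(log_text):
    """Classify every O23 service entry in a HijackThis log.

    Verdicts (hypothetical labels chosen for this example):
      present        - no '(file missing)' marker on the line
      parse-artifact - marked missing, but the executable before the first
                       quote character is listed as a running process
                       (heuristic assumed by this example)
      orphaned       - marked missing and not running: the service is still
                       registered although its binary is gone
    """
    procs = running_processes(log_text)
    results = []
    for line in log_text.splitlines():
        m = O23_LINE.match(line.strip())
        if not m:
            continue
        # A path such as  ...\WLService.exe" "WUSB54Gv4.exe  carries arguments
        # after a stray quote; keep only the executable part for the lookup.
        exe = m.group("path").split('"')[0].strip()
        if not m.group("missing"):
            verdict = "present"
        elif exe.lower() in procs:
            verdict = "parse-artifact"
        else:
            verdict = "orphaned"
        results.append({
            "name": m.group("name"),
            "owner": m.group("owner"),
            "exe": exe,
            "verdict": verdict,
        })
    return results


if __name__ == "__main__":
    for svc in triage_services(SAMPLE_LOG):
        print(f'{svc["verdict"]:<15} {svc["name"]} ({svc["owner"]}) -> {svc["exe"]}')
```

Only the DomainService entry comes out as orphaned, which is the one line the reply asks to tick before clicking Fix Checked.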

#16 JASON CHON

Posted 22 June 2007 - 09:30 PM

here are the logs. im not going to be home till 3 days so expect a late response.

Scanning Report
Friday, June 22, 2007 18:19:18 - 22:18:56

Computer name: JASON-6O3MZY0B5
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 20 malware found
Gobot.A (virus)

* D:\PROGRAM FILES\ZIPFUSION\ZFI.EXE (Submitted)

JS/Linker.V@troj (virus)

* D:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1QUPGCL.DEFAULT\CACHE(2)\463F8EDBD01 (Submitted)

Packed.Win32.Morphine.a (virus)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0045610.DLL (Submitted)
* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0045613.DLL (Submitted)
* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0047626.DLL (Submitted)
* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0047721.DLL (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System

Trojan-Downloader.Win32.Qoologic.at (virus)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0061579.EXE (Renamed & Submitted)

W32/Agent.ANEH (virus)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\PVMODULE.EXE (Submitted)

W32/Agent.ANEI (virus)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\PRINTHOOK030.DLL (Submitted)

W32/Ezula.CV.dropper (virus)

* D:\DOCUMENTS AND SETTINGS\JASON CHON\LOCAL SETTINGS\TEMP\B2S_IRIS.EXE (Submitted)

W32/Istbar.AKU (virus)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0046574.EXE (Submitted)
* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0046575.EXE (Submitted)
* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0062179.EXE (Submitted)
* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0062180.EXE (Submitted)

W32/Mirar.J.dropper (virus)

* D:\DOCUMENTS AND SETTINGS\JASON\DOCTORWEB\QUARANTINE\A0061541.EXE (Submitted)

W32/Smalldrp.GOJ (virus)

* D:\WINDOWS\SETUP90.EXE (Submitted)

W32/Smalldrp.IQK (virus)

* C:\WINDOWS\VISFX500.EXE (Submitted)

W32/Smalltroj.AYA (virus)

* D:\DOCUMENTS AND SETTINGS\JASON CHON\LOCAL SETTINGS\TEMP\AUPD.EXE (Submitted)

Statistics
Scanned:

* Files: 51287
* System: 4891
* Not scanned: 5

Actions:

* Disinfected: 1
* Renamed: 1
* Deleted: 0
* None: 18
* Submitted: 18

Files not scanned:

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\204FADA7B17E0057933138296468BDD7_CB8617D1-F10E-4177-96FA-88FB1EA23982
* D:\PAGEFILE.SYS
* D:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* D:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF8C6DA157DF5E0ADF86EAA03D4BA716_923730A9-7109-45DE-A08D-E047193B0C6D


HJT log

Logfile of HijackThis v1.99.1
Scan saved at 22:27, on 07-06-22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\System32\taskmgr.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\DOCUME~1\Jason\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
D:\DOCUME~1\Jason\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\HJT\Analyse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

there is nothing unusual about my computer now. seems like its brand new ^_^

#17 Fred_Flintstone

Posted 25 June 2007 - 07:19 AM

Hi JASON CHON..

there is nothing unusual about my computer now. seems like its brand new ^_^

Always good to hear!!.. :thumbsup:

Couple of things left to do.

I still see no indication in your log that you have a firewall installed and active!.
We need to get one running or you will soon get re-infected and back to square one!!.

Some good FREE firewalls are:
Please download only one of the above and install it to your computer

A tutorial on understanding and using firewalls may be found HERE.

You can get rid of any of the tools we have downloaded, they are updated almost daily so no use keeping them.

Delete the following folders:

D:\ComboFix\
D:\QooBox\
D:\SDFix\
D:\vundofix\

Also delete Deljob.exe and Dr.Web CureIt from your desktop (Along with any other tools/shortcuts etc).

Now, let's get on with updates:

You are still using XP with SP1(Service Pack 1), there are a lot of vulnerabilities in SP1 which have been utilised by hijackers and malware creators etc.
It is CRITICAL that you upgrade your system to SP2 (Service Pack 2) IMMEDIATELY..
Windows XP has come a long way since SP1, and there are many security patches in SP2 that you need to keep your system secure.

To update windows Click Here

Please post back to confirm that the update to Service Pack 2 went ok as any problems could indicate further infection that we need to check out!

Thanks,
Fred.. :thumbsup:



#18 JASON CHON

Posted 28 June 2007 - 08:00 AM

the updates went ok BUT when i installed the firewalls, it gave me internet problems. the firewall wouldn't let me connect to the internet but i didn't know that so i had a hard time figuring it out. but besides the firewall problem, there seems to be no infections on my computer now ^_^

#19 Fred_Flintstone

Posted 28 June 2007 - 08:16 AM

Hi JASON CHON..

Glad things went well.. :thumbsup:
What firewall did you choose to install??
Perhaps you inadvertently blocked something which affects your internet connection.

I use Kerio free version myself and had no problems with it..
When I first installed it I had to "set a rule" when programs asked for access etc, but once done it has run for about 2 years without trouble.

You could always try removing it and trying another to see what suits you..
Just make sure you don't connect to the internet without a firewall!

Please post a fresh HJT log for review and if it's clear, we should be good to go to prevention stuff to keep you clean in future..

Well done so far though!.. :thumbsup: :thumbsup:

Fred..



#20 Fred_Flintstone

Posted 04 July 2007 - 09:44 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread.

This applies only to the original topic starter.

Everyone else please begin a New Topic.

