10-08-2007, 10:13 AM   #7
stellar
OS: windows xp service pack 2


Re: popups; Trj/Downloader.OZB, Generic Malware, Trj/Downloader.PCQ

Okay. Sorry, I forgot to reply to your question: no, my subscription isn't current. It'll be another 2 weeks before I'll be able to buy the new one, so I'd rather try a free one now.

SmitFraudFix:

SmitFraudFix v2.239

Scan done at 22:09:22.96, Mon 10/08/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Owner\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\MalwaresWipeds\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{838E5E30-914D-4C6D-9237-D42254E62A72}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{838E5E30-914D-4C6D-9237-D42254E62A72}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{838E5E30-914D-4C6D-9237-D42254E62A72}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 09, 2007 11:02:33 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 8/10/2007
Kaspersky Anti-Virus database records: 428953
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 84657
Number of viruses found: 39
Number of infected objects: 93
Number of suspicious objects: 0
Duration of the scan process: 01:13:04

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\snapsnet.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\snapsnet.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\wavesnet.exe Infected: Trojan-Downloader.Win32.Small.fwu skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\{65E11E63-59B2-1768-905B-EF8FD727E53E}-laf10.tmp Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~wa6psetup.exe/file016 Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~wa6psetup.exe/file017 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~wa6psetup.exe/file018 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~wa6psetup.exe Inno: infected - 3 skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\{FF0816D3-A852-339A-CFE4-A5699804449C}-laf10.tmp Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\rayiou.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\Owner\Application Data\MySpace\IM\Logs\MySpaceIM-20071008-230952.log Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2007-10-07@18.16.zip/tsitra572.exe Infected: Trojan-Downloader.Win32.Agent.dve skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2007-10-07@18.16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007100820071009\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\temp\~DFFCFF.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CA9371A.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CA9371A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CA9371A.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CA9371A.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\24E8472F Infected: Trojan-Downloader.Win32.Zlob.bnw skipped
C:\Program Files\Norton AntiVirus\Quarantine\3D101CEC.htm Infected: Trojan-Downloader.JS.Agent.hv skipped
C:\Program Files\Norton AntiVirus\Quarantine\3D1346E8.htm Infected: Trojan-Downloader.JS.Agent.hv skipped
C:\Program Files\Norton AntiVirus\Quarantine\41FF5FE4 Infected: Trojan-Downloader.Win32.Zlob.bny skipped
C:\Program Files\Norton AntiVirus\Quarantine\46AE4C7D Infected: Trojan-Downloader.Win32.Zlob.bni skipped
C:\Program Files\Norton AntiVirus\Quarantine\46B27679 Infected: Trojan-Downloader.Win32.Zlob.bnz skipped
C:\Program Files\Norton AntiVirus\Quarantine\5743740E.exe Infected: Trojan-Downloader.Win32.Small.fgr skipped
C:\Program Files\Norton AntiVirus\Quarantine\57566FF9.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Norton AntiVirus\Quarantine\63676B73 Infected: not-a-virus:Downloader.Win32.WinFixer.bb skipped
C:\Program Files\Norton AntiVirus\Quarantine\636A1570 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Program Files\Norton AntiVirus\Quarantine\636D3F6C Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Program Files\Norton AntiVirus\Quarantine\64153B25 Infected: Trojan-Downloader.Win32.Zlob.bnw skipped
C:\Program Files\Norton AntiVirus\Quarantine\67345B6E/data0006 Infected: not-a-virus:FraudTool.Win32.AntiVermins.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\67345B6E NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\67345B6E CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6738056A Infected: not-a-virus:FraudTool.Win32.MalwareWipe.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\69C27AF8 Infected: Trojan-Downloader.Win32.Zlob.bnw skipped
C:\Program Files\Norton AntiVirus\Quarantine\6D552EAF Infected: Trojan-Downloader.Win32.Zlob.bnw skipped
C:\qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\WinTouch\WTUninstaller.exe.vir Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\qoobox\Quarantine\C\Program Files\Insider\Insider.exe.vir Infected: Trojan.Win32.Agent.bnd skipped
C:\qoobox\Quarantine\C\Program Files\Insider\UnInstall.exe.vir Infected: Trojan.Win32.Agent.bnd skipped
C:\qoobox\Quarantine\C\Program Files\Online Services\meqocaho4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Online Services\meqocaho83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir Infected: Trojan-Downloader.Win32.Adload.lv skipped
C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bhnakcfy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rtjvkqqd.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\uhpvifmp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vMW10a\vMW10a1099.exe.vir Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\whkfiaca.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xyfgvhge.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP531\A0058234.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP543\A0058536.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP549\A0061610.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP549\A0061610.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP549\A0061613.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP549\A0061615.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP549\A0061615.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP550\A0061647.dll Infected: Trojan-Downloader.Win32.Agent.dpq skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP550\A0061648.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP550\A0061649.exe Infected: Trojan-Downloader.Win32.Agent.dvd skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP550\A0061650.exe Infected: Trojan-Downloader.Win32.Agent.dvd skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP550\A0061674.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP554\A0061797.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP554\A0061821.exe Infected: Trojan.Win32.VB.bgu skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP554\A0061822.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP554\A0061823.exe Infected: Trojan-Downloader.Win32.Small.fwb skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP555\A0061855.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP555\A0061856.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP555\A0061857.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP556\A0061960.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP556\A0061975.exe Infected: Trojan-Downloader.Win32.Agent.duy skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP557\A0062000.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062013.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062014.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062015.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062016.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062017.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062018.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062019.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062023.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062031.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062032.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062033.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP559\A0062036.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP561\A0062088.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP562\A0062133.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP562\A0062133.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP562\A0062133.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP564\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6C8F03E7-56F0-4165-B844-B84ADFB1DD24}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\tsitra572.exe.tmp Infected: Trojan-Downloader.Win32.Agent.duy skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP564\change.log Object is locked skipped

Scan process completed.


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1100 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.overture.com/d/search/p/h...e+black+parade
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174753528453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7590 bytes