
·
Registered
Joined
·
40 Posts
Discussion Starter · #1 ·
A couple of days ago I started HJT and everything was fine, but now every time I try to get it running I get a message that it cannot start the application because MSVBVM60.DLL was not found.
And sometimes when I try to start my explorer.exe it stops responding and I need to close it with Task Manager/End Task.
Also I keep getting a message that "Bloodhound.Packed.7" is detected on my computer.

Please help!!!
 

·
Registered
Joined
·
2,335 Posts
What program is giving you the message about Bloodhound?

The msvbvm60.dll is a module for the Microsoft Visual Basic virtual machine.

Let's deal with Bloodhound first.
 

·
Registered
Joined
·
40 Posts
Discussion Starter · #3 ·
Norton antivirus is giving me the message about Bloodhound.

And there are a couple of programs which are also not working but are giving the same message with different files missing,
for example "d3dx9_25.dll not found".
 

·
Registered
Joined
·
2,335 Posts
OK. We really need to get HJT up and running. Let's try this:

Check your Norton logs for a file path.

Then try and run this program:


ComboFix



1. Download this file - You MUST save it to your desktop

COMBOFIX




2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please post the CF log which can be found at: c:\combofix.txt
 

·
Registered
Joined
·
40 Posts
Discussion Starter · #5 ·
Ok

The Bloodhound virus was detected in the "C:\WINDOWS\system32\dmgvv.exe" and "C:\WINDOWS\system32\csljl.exe" files.

This is the CF log

"josip" - 07-01-05 14:58:45,78 Service Pack 1
ComboFix 07-01-04W-BetaE2 - Running from: "C:\Documents and Settings\josip\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\josip\Desktop\Internet Explorer.lnk


((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))


2007-01-02 18:35 <DIR> d-------- C:\WINDOWS\LogFiles
2007-01-02 16:45 <DIR> d-------- C:\DOCUME~1\josip\APPLIC~1\My Games
2007-01-02 16:36 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-02 16:31 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-24 15:59 <DIR> d-------- C:\DOCUME~1\josip\APPLIC~1\Symantec
2006-12-20 17:15 <DIR> d-------- C:\Program Files\Sierra On-Line
2006-12-18 16:56 <DIR> d-------- C:\Program Files\AviSynth 2.5
2006-12-10 08:35 <DIR> d-------- C:\Program Files\Common Files\SWF Studio


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-05 14:55 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-04 15:55 -------- d--h----- C:\Program Files\installshield installation information
2007-01-02 19:10 -------- d-------- C:\DOCUME~1\josip\Application Data\my games
2007-01-02 16:45 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-31 09:32 -------- d-------- C:\Program Files\symantec
2006-12-24 15:59 -------- d-------- C:\DOCUME~1\josip\Application Data\symantec
2006-12-20 16:18 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-14 17:57 -------- d-------- C:\DOCUME~1\josip\Application Data\identities
2006-11-26 10:55 -------- d-------- C:\DOCUME~1\josip\Application Data\nerovision
2006-11-14 17:43 -------- d---s---- C:\DOCUME~1\josip\Application Data\microsoft
2006-11-14 17:43 -------- d-------- C:\Program Files\mp3 player utilities
2006-11-12 08:54 50176 --a------ C:\WINDOWS\uninstyler.exe
2006-11-11 15:53 62208 --a------ C:\WINDOWS\iun1401.exe
2006-10-22 11:09 86528 --a------ C:\WINDOWS\bnetunin.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"WinampAgent"="f:\\Program Files\\Winamp\\winampa.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DATA BECKER Safe"="f:\\Program Files\\DATA BECKER\\Safe\\Safe.exe -taskbar"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061027-115548-768
O4 - HKLM\..\Run: [dmgvv.exe] C:\WINDOWS\System32\dmgvv.exe
backup-20061023-073900-195
O4 - HKLM\..\Run: [dmeir.exe] C:\WINDOWS\System32\dmeir.exe
backup-20061016-183135-153
O4 - HKLM\..\Run: [Setup] C:\Program Files\Setup\Setup.exe
backup-20061016-175050-351
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101
backup-20061016-175050-508
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E201566-BCEE-4DA4-81F6-63F0BD0D286D}: NameServer = 85.255.116.70,85.255.112.101
backup-20061016-175050-955
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E201566-BCEE-4DA4-81F6-63F0BD0D286D}: NameServer = 85.255.116.70,85.255.112.101
backup-20061016-175050-176
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101
backup-20061003-082615-200
O4 - Startup: PowerReg Scheduler.exe
backup-20061003-082615-108
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
backup-20061003-082615-805
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
backup-20061002-083844-864
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20061002-083844-127
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20061002-083844-885
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20061002-083844-753
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20061002-083844-746
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20061002-083844-671
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20061002-083844-618
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20061002-083844-835
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20061002-083844-230
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20060930-193735-462
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20060930-193735-319
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20060930-193735-230
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20060930-193735-518
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20060930-193735-187
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20060930-193735-884
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20060930-193735-958
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20060930-193735-887
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20060930-193735-178
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20060930-193315-647
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
backup-20060930-193315-910
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
backup-20060930-193315-624
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20060930-193315-701
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20060930-193315-631
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20060930-193315-962
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20060930-193315-485
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20060930-193315-434
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20060930-193315-611
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20060930-193315-455
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20060930-193315-310
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20060930-192859-518
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
backup-20060930-192859-276
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
backup-20060930-192859-846
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
backup-20060930-192858-911
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20060930-192858-794
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20060930-192858-178
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20060930-192858-377
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20060930-192858-531
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20060930-192858-589
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20060930-192858-348
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20060930-192858-743
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20060930-192858-569
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20060813-141019-607
O4 - HKCU\..\Run: [Trust Cleaner] "C:\Program Files\Trust Cleaner\Trust Cleaner.exe"
backup-20060714-131806-705
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
backup-20060714-131806-382
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5EC137A91A475760EA83FA5EF80752B94E3D7785F79452F3DC2 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
backup-20060714-131806-925
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
backup-20060713-105312-939
O3 - Toolbar: TrustIn Bar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\Program Files\trustin bar\trustin.dll
backup-20060713-105312-436
O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll
backup-20060713-105312-978
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll
backup-20060713-105312-326
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\adsldps.dll
backup-20060610-161852-992
O17 - HKLM\System\CCS\Services\Tcpip\..\{421F4B8C-BFA5-4E0A-A698-A32DC27FA3DF}: NameServer = 195.29.150.3 195.29.150.4
backup-20060514-145237-359
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp3ED2.tmp
backup-20060514-145227-631
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp3ED2.tmp
backup-20060514-143637-221
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp3ED2.tmp
backup-20060514-143620-815
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
backup-20060514-143620-243
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp3ED2.tmp
backup-20060427-124019-123
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
backup-20060328-130637-673
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
backup-20060317-132634-913
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
backup-20060317-132634-776
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
backup-20060317-132634-528
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
backup-20060317-132634-756
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
backup-20060317-132634-730
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
backup-20060317-132634-875
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c29 -w91
backup-20060302-142208-270
O4 - Startup: PowerReg Scheduler.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-05 15:01:26.45
 

·
Registered
Joined
·
40 Posts
Discussion Starter · #6 ·
Hey, I was looking around the net and found the site "www.dll-files.com" where I downloaded the missing DLL files, so HJT is running, but I still need help with the Bloodhound virus.

Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 15:15:35, on 5.1.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\htpatch.exe
F:\Program Files\Winamp\winampa.exe
F:\Program Files\DATA BECKER\Safe\Safe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] f:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DATA BECKER Safe] f:\Program Files\DATA BECKER\Safe\Safe.exe -taskbar
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = F:\Tomislav\zabava\HoMM5\registration\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BTW: Thanks for your help so far and sorry for my bad English.
 

·
Registered
Joined
·
2,335 Posts
Wow. I don't like what I see in ComboFix. Please run this tool and post the log.


Fixwareout


Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

or

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

  • Save it to your desktop and run it.
  • Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin: Please follow the prompts.
  • You will be asked to reboot your computer: Please do so.
  • Your system may take longer than usual to load and this is normal.


Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)




Please remember to close all other windows, including browsers then click Fix checked.


Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved



FOLLOW-UP

Please return and post these items:

Wareout log - (you can find it at C:\fixwareout\report.txt)


NOTE: Should you experience Internet Connection problems, please follow these directions

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection
or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the
radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
 

·
Registered
Joined
·
40 Posts
Discussion Starter · #8 ·
OK, here is the Fixwareout report, but it is not the first one; I lost the first report, so I started Fixwareout again and this is the second report.
Below it is the new HJT log, but I don't understand which entries I should check from your last post. Can you repeat that?


Fixwareout
Last edited 1/1/2006
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
»»»»»
...
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\DMGVV.EXE 60,999 2002-08-29

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»

Logfile of HijackThis v1.99.1
Scan saved at 9:02:55, on 6.1.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\htpatch.exe
F:\Program Files\Winamp\winampa.exe
F:\Program Files\DATA BECKER\Safe\Safe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] f:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DATA BECKER Safe] f:\Program Files\DATA BECKER\Safe\Safe.exe -taskbar
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = F:\Tomislav\zabava\HoMM5\registrationa1\RegistrationReminder.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = F:\Tomislav\zabava\HoMM5\registration\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
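
Two things visible in the logs above can be checked mechanically over HijackThis-style lines: Run entries pointing at five-character `cs`/`dm`/`kd`/`jb` file names in system32 (the name search the Fixwareout report describes) and O17 `NameServer` values that differ from what the machine is expected to use. This is an added example, not part of the original posts or of either tool; the function names and the `EXPECTED_DNS` allow-list are assumptions for illustration, and the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Sample input: HijackThis-style lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [dmgvv.exe] C:\WINDOWS\System32\dmgvv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E201566-BCEE-4DA4-81F6-63F0BD0D286D}: NameServer = 85.255.116.70,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{421F4B8C-BFA5-4E0A-A698-A32DC27FA3DF}: NameServer = 195.29.150.3 195.29.150.4
"""

# Assumption for this example only: the resolvers the analyst expects on this
# machine. In practice this comes from the ISP or network administrator.
EXPECTED_DNS = {"195.29.150.3", "195.29.150.4"}

# O4 = autostart entry, e.g.  O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O17 = TCP/IP parameters, e.g.  O17 - <registry key>: NameServer = a.b.c.d ...
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Name pattern from the Fixwareout report: five-character names starting with
# cs, dm, kd or jb. The report itself warns that legitimate files can match,
# so a hit is a reason to inspect the file, not proof of infection.
FIVE_CHAR_NAME = re.compile(r"^(cs|dm|kd|jb)[a-z]{3}\.exe$", re.IGNORECASE)


def exe_path(cmd):
    """Return the .exe path from a Run command line, or None if there is none."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(
        r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE
    )
    return m.group(1) if m else None


def triage(log_text, expected_dns):
    """Return (kind, location, detail) tuples for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O4_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            if (
                path
                and ntpath.dirname(path).lower().endswith("\\system32")
                and FIVE_CHAR_NAME.match(ntpath.basename(path))
            ):
                findings.append(("run-name", m["hive"], path))
            continue

        m = O17_RE.match(line)
        if m:
            # HijackThis shows the value as stored: space- or comma-separated.
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            unexpected = tuple(s for s in servers if s not in expected_dns)
            if unexpected:
                findings.append(("dns", m["key"], unexpected))
    return findings


if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG, EXPECTED_DNS):
        print(f"{kind:9} {where} -> {detail}")
```
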
 

·
Registered
Joined
·
2,335 Posts
Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.



IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So let's do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.


----------------------------------------

Wareout log was good. Let's clean out the rest of the system.


----------------------------------------

CLEAR HJT BACKUPS

Navigate to the HJT folder at C:\HijackThis. In the HJT folder you will see another folder Backups. Please delete only the contents
of the Backups folder, leaving the folder intact.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 – TEMP FILE CLEANING


Please download Cleanup! and install it. You will use this later.

Alternative link Cleanup Alt


*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.



AVG Anti-Spyware 7.5



Please download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"





  1. Install AVG Anti-Spyware 7.5.
  2. Double-click the icon on Desktop to launch AVG A-S 7.5
  3. On the top of the main screen click Shield
  4. Click the word active to change it to inactive
  5. On the top of the main screen click Update.
  6. Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  7. I also recommend changing the "Update interval" to something more reasonable like 12 hours.

----------------------------------------

SAFE MODE RE-BOOT

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

----------------------------------------

FIXES AND DELETIONS


UNHIDE HIDDEN FILES

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

----------------------------------------
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\system32\dmgvv.exe
C:\WINDOWS\system32\csljl.exe

C:\WINDOWS\bnetunin.exe

C:\WINDOWS\uninstyler.exe
>>>This is a keylogger used to monitor computer and internet activity. Delete if
you did not install it yourself


----------------------------------------

RUNNING SCANNERS


Cleanup

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program and DO NOT reboot when prompted.


AVG Anti-Spyware 7.5

  • Run AVG A-S with its updated definitions: (...it's important that all windows must be closed)
    This scan can take quite a while to run, so be prepared.
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.



  • When the scan is complete click Recommended Action and change it to Quarantine (1),
  • If not click Recommended Action and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)

When done, click the Save Scan Report button. (4) then click Save Report As and save it to your desktop.

IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.



Note: DO NOT USE the computer while AVG A/S is scanning. If Explorer or the Control Panel are opened some malware types will reinfect your system or will not be cleaned properly.

----------------------------------------

SYSTEM RE-BOOT

Reboot into Normal Mode.

----------------------------------------


ON-LINE SCANS

Perform an online scan with Internet Explorer with Panda ActiveScan

  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting

  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


----------------------------------------

FOLLOW-UP

Please return and post these items in the order listed:


AVG A/S
Panda scan
A new HJT log run in Normal Mode


Please note: In order to properly see what is on your system, all HJT logs must be run in the normal mode

Please let me know how your system is behaving.
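
A triage sketch for the saved AVG report requested above, added here as an illustration and not part of the original post or of AVG's own tooling. It assumes report lines of the form `path -> detection : action`; the function names are hypothetical and the sample paths and GUID are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the report's line format; paths and GUID are made up.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:00:00 1.1.2007

+ Scan result:

C:\RECYCLER\NPROTECT\00000001.TXT -> TrackingCookie.Example : Cleaned.
C:\RECYCLER\NPROTECT\00000002.INF -> Adware.Example : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000002.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP13\A0000003.EXE -> Dropper.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\example.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
"""

# Windows XP System Restore keeps archived copies under _restore{GUID}\RPnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
# Norton's protected recycle bin store.
NORTON_BIN = "\\RECYCLER\\NPROTECT\\"


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    location: str                 # system_restore | norton_recycle_bin | live
    restore_point: Optional[str]  # e.g. "RP12" when location is system_restore


def classify(path: str) -> Tuple[str, Optional[str]]:
    """Say where a detected file sits: an archive store or the live file system."""
    match = RESTORE_RE.search(path)
    if match:
        return "system_restore", match.group(1).upper()
    if NORTON_BIN in path.upper():
        return "norton_recycle_bin", None
    return "live", None


def parse_report(text: str) -> List[Finding]:
    """Extract findings; header, separator and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        # Split from the right on " -> " so the path may contain anything.
        path, arrow, rest = raw.strip().rpartition(" -> ")
        detection, colon, action = rest.partition(" : ")
        if not (arrow and colon and path):
            continue
        location, restore_point = classify(path)
        findings.append(Finding(path, detection.strip(), action.strip(),
                                location, restore_point))
    return findings


def triage(findings: List[Finding]) -> dict:
    """Group findings so the live hits stand out from archived copies."""
    restore_points = {f.restore_point for f in findings if f.restore_point}
    return {
        "by_detection": Counter(f.detection for f in findings),
        "by_location": Counter(f.location for f in findings),
        "restore_points": sorted(restore_points, key=lambda rp: int(rp[2:])),
        "live": [f for f in findings if f.location == "live"],
        "not_quarantined": [f for f in findings
                            if "quarantined" not in f.action.lower()],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("By location:   ", dict(summary["by_location"]))
    print("By detection:  ", dict(summary["by_detection"]))
    print("Restore points:", ", ".join(summary["restore_points"]))
    for finding in summary["live"]:
        print("LIVE:", finding.detection, "at", finding.path)
```

Hits under `_restore{...}\RPnn` are copies archived by System Restore and hits under `RECYCLER\NPROTECT` sit in Norton's protected recycle bin; anything classified `live` is the part to cross-check against the next HijackThis log.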
 

·
Registered
Joined
·
40 Posts
Discussion Starter · #10 ·
Ok, I did what you said,
but I did not have the time to do the Panda scan (I am going to college and the military basic training at the same time, so I have 4 hours of free time a day).
I will post the scan tomorrow if that is ok.
Here are the AVG and HJT logs

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:39:01 8.1.2007

+ Scan result:



C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0091507.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0091587.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092001.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092009.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092026.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092035.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092045.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092060.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092070.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092077.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0092132.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0093132.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0094132.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0095132.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0095147.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0095220.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP91\A0095226.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP92\A0096226.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP92\A0097228.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP92\A0098229.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP96\A0098432.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP96\A0099432.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP96\A0100432.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP96\A0100524.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP96\A0100533.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP98\A0100597.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP99\A0100663.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D83467D-F34F-4DE3-8E4A-E28642BDD30B}\RP99\A0100797.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 18:46:15, on 8.1.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\htpatch.exe
F:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] f:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DATA BECKER Safe] f:\Program Files\DATA BECKER\Safe\Safe.exe -taskbar
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = F:\Tomislav\zabava\HoMM5\registrationa1\RegistrationReminder.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = F:\Tomislav\zabava\HoMM5\registration\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
Registered
Joined
·
40 Posts
Discussion Starter · #12 ·
Ok finally done with the panda scan

Thank you for your understanding and your help

here is the log


Incident Status Location

Potentially unwanted tool:application/zango Not disinfected hkey_classes_root\clsid\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
Dialer:dialer.xd Not disinfected hkey_classes_root\clsid\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware/navhelper Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\josip\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\HijackThis\smit\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\HijackThis\smit\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\HijackThis\smit\SmitfraudFix(1).zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\HijackThis\smit\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\HijackThis\smitR\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\HijackThis\smitR\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\RECYCLER\NPROTECT\00029776.EXE
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\RECYCLER\NPROTECT\00029843.EXE
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\NPROTECT\00029980.TXT
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\NPROTECT\00030032.TXT
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
 

·
Registered
Joined
·
2,335 Posts
Very good. We have one minor item to deal with.

----------------------------------------

REGISTRY FIX

Download the attached tom.zip file at the bottom of this post to your desktop. Double click on the zip folder,
then double click on the .reg file within.
Click yes to allow it to merge into your registry.

----------------------------------------

Your logs are now clean. Please complete the next "housekeeping" steps and read through the information below.


----------------------------------------

Windows XP - Reset Hidden Files


  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

----------------------------------------

Clear IE's Cookies and Cache

  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel » Internet Options » General tab.
  • Click the Delete Cookies button.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.

----------------------------------------

EMPTY NORTON PROTECTED RECYCLE BIN

Please visit Norton Protected Recycle Bin and follow the instructions.

----------------------------------------

Clean-out and Reset System Restore

This will clean out any junk or malicious files left behind in System Restore

  • To turn off System Restore click Start > Right Click My Computer > Properties.
  • Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply.
  • When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

  • Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties.
  • Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
  • Click Apply, and then OK.

This will create a new Restore Point.

----------------------------------------

RE-ENABLE ANTI-SPYWARE APPLICATIONS

If you were instructed to disable Anti-spyware applications during this fix, you may re-enable them.

----------------------------------------

Please read through the following information to help protect your computer in the future.


KEEP YOUR OPERATING SYSTEM UPDATED

Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch.

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser
up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft
and download all the critical updates to help prevent possible re-infection.


ENABLE WINDOWS AUTO UPDATE

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".


ENABLE WINDOWS AUTO UPDATE

From within Internet Explorer click on the Tools menu and then click on Internet Options.
  • Select the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Select Custom Level.
      • Change 'Download signed ActiveX controls' to Prompt
      • Change 'Download unsigned ActiveX controls' to Disable
      • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
      • Change 'Installation of desktop items' to Prompt
      • Change 'Launching programs and files in an IFRAME' to Prompt
      • Change 'Navigate sub-frames across different domains' to Prompt
      • When all these changes have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Select OK to exit the Internet Properties page.



TOOLS TO HELP KEEP YOUR SYSTEM CLEAN

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
  • After you have updated, click the button - enable protection for all unprotected items


SpywareGuard to catch and block spyware before it can execute.


SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its
TeaTimer option.
This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with
the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here


AD-AWARE Download and install Ad-Aware. You should use this program to scan
your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product
can be found here


IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list.
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain

A tutorial for IE-SPYAD can be found here


MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file
with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to
those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
  • Click Next, click Next, select the option:
    "Show Extracted files"
  • Click Finish

This will open the newly created hosts folder on your Desktop.

Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated
HOSTS file to the correct location on your machine.


MCAFEE SITE ADVISOR SITE ADVISOR is a free IE plug-in (also support for Firefox browser)
which is used in conjunction with the Google search engine. It advises which web sites are considered safe and which sites could pose a problem.
It also shows what problems were encountered with each site, such as malicious downloads, spam, and related links.


ANTI-VIRUS AND FIREWALL PROGRAMS


ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial

Here are some very good free Antivirus products which are available:




If you do not have a firewall, here are 4 free ones available for personal use:

Understanding and Using Firewalls



INFORMATIONAL READING


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:




Please respond one more time and let me know you received this post so it can be marked resolved



If you feel that we have helped you, please help us keep this site free for all. Please visit our DONATION PAGE.
 

Attachments
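The HOSTS-file blocking described in the post above (listed hosts pointed at 127.0.0.1) can be audited after the file is swapped in. This is an added example, not part of the original post or of the MVPS package; the sample file, its hostnames and the `must_resolve` parameter are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno address host kind")

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
127.0.0.1  ads.example.net  track.example.net   # two names on one line
0.0.0.0    banner.example.org
203.0.113.7  update.example.com    # non-loopback target
not-an-ip  broken.example.net
127.0.0.1
"""


def _classify(address):
    """'blocked' if the target is loopback or unspecified, else 'redirect'."""
    ip = ipaddress.ip_address(address)  # raises ValueError on a bad address
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirect"


def parse_hosts(text):
    """Split HOSTS text into one Entry per hostname plus a list of bad lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            kind = _classify(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:  # address with no hostname
            malformed.append((lineno, raw))
            continue
        for host in fields[1:]:
            entries.append(Entry(lineno, fields[0], host.lower(), kind))
    return entries, malformed


def audit(text, must_resolve=()):
    """Summarise a HOSTS file.

    blocked           - names sent to loopback/0.0.0.0 (what a block list does)
    redirects         - names sent to any other address; review each one
    overridden_needed - names from must_resolve that the file overrides at all
    malformed         - lines that could not be parsed
    """
    entries, malformed = parse_hosts(text)
    needed = {h.lower() for h in must_resolve}
    return {
        "blocked": sorted({e.host for e in entries
                           if e.kind == "blocked" and e.host != "localhost"}),
        "redirects": [(e.lineno, e.host, e.address)
                      for e in entries if e.kind == "redirect"],
        "overridden_needed": sorted({e.host for e in entries if e.host in needed}),
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS, must_resolve=["update.example.com"])
    for key, value in report.items():
        print(key, value)
```

An entry under `redirects` is the one to look at first: a block list only ever points names at the local machine, so a name mapped to some other address was not put there by the list.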

·
Registered
Joined
·
40 Posts
Discussion Starter · #14 ·
Thank you for your help

My computer is running faster than before and I will finish all the "housekeeping" steps you mentioned in your last post

BYE
 