
·
Registered
Joined
·
4 Posts
Discussion Starter #1
Hello all,
First time user of this wonderful site thx to all in advance...

I am trying to finish removing the MyFunWeb Products and MyWebSearch from my system. Any help would be great.
Thx, Bigmoo..

Logfile of HijackThis v1.99.1
Scan saved at 1:53:43 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\RacerX\Desktop\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dlgmxywksujybdnvc.com/0t...y/kkBdWuzPUK_74yd6ciNOaY7_nlE8iCMFx3ELLv.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hvvzobqpqcswlajkezsszwb.com/0tOZzNimub9/vUPNupZsPpyN8EAIP2dX1xLbM7WWJEM.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoker.com/installstart.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://hkmfwoelypdlkwdutgamrxizj.com/0tOZzNimub9/vUPNupZsPtfOPa_IS8xs1xLbM7WWJEM.htm"); (C:\Documents and Settings\RacerX\Application Data\Mozilla\Profiles\default\zeew3iw7.slt\prefs.js)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: (no name) - {01C0BDA6-3494-234F-BE31-1AFE14745346} - C:\DOCUME~1\RacerX\APPLIC~1\METASE~1\dogbolt.exe (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: (no name) - {5A034800-A94A-2717-E808-0118D0A1CB8A} - C:\PROGRA~1\METASE~1\dogbolt.exe (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm376YYUS
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
If you have these in Add/Remove programs, then uninstall them:

MyWebSearch
Weatherbug
Messenger Plus



Have HijackThis fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dlgmxywksujybdnvc.com/0t...iCMFx3ELLv.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hvvzobqpqcswlajkezsszwb....xLbM7WWJEM.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoker.com/installstart.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://hkmfwoelypdlkwdutgamrxizj.com/0tOZzNimub9/vUPNupZsPtfOPa_IS8xs1xLbM7WWJEM.htm"); (C:\Documents and Settings\RacerX\Application Data\Mozilla\Profiles\default\zeew3iw7.slt\prefs.js)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: (no name) - {01C0BDA6-3494-234F-BE31-1AFE14745346} - C:\DOCUME~1\RacerX\APPLIC~1\METASE~1\dogbolt.exe (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: (no name) - {5A034800-A94A-2717-E808-0118D0A1CB8A} - C:\PROGRA~1\METASE~1\dogbolt.exe (file missing)
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZRxdm376YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?



If you have not done so already, please enable the viewing of hidden files.
From Windows Explorer, go to Tools > Folder Options > View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\MyWebSearch\
  • C:\DOCUME~1\RacerX\APPLIC~1\METASE~1\


  1. Go to Start> Run - type cleanmgr (this starts Windows DiskCleanup)
  2. Select Drive C: & click the 'OK' button
  3. Select the following options:
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  4. Click the 'OK' button


Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


Download fl.zip.
Extract the contents to a new folder on Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply


I expect these logs in your next reply

New HJT log
Online scan report
TrendMicro's AntiSpyware log
Findlop.txt
 

·
Registered
Joined
·
4 Posts
Discussion Starter #3
Ready for next step... Info attached

Ok.. I have completed all instructions as requested except for the fl.zip due to my inability to locate it... So, here are the other two.. (I did not include the TrendMicro because there was nothing in the log.. guess nothing was found to report. It showed nothing.)


KASPERSKY ON-LINE SCANNER REPORT
Monday, September 19, 2005 19:04:22
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/09/2005
Kaspersky Anti-Virus database records: 141053
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 35961
Number of viruses found: 19
Number of infected objects: 206
Number of suspicious objects: 0
Duration of the scan process: 2548 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053546.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053547.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053548.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053549.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053552.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053554.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053555.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053556.exe Infected: Trojan.Win32.Krepper.ab
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053557.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053558.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053562.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053563.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP567\A0053564.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053620.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053623.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053624.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053625.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053626.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053630.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053632.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053633.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053634.exe Infected: Trojan.Win32.Krepper.ab
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053635.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053636.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053640.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053641.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP575\A0053642.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053678.exe Infected: Trojan-Proxy.Win32.Delf.h
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053679.exe Infected: Trojan-Proxy.Win32.Delf.h
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053682.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053685.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053686.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053687.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053688.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053691.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053694.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053697.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053699.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053700.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053701.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053702.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053703.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053705.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053706.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053708.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053710.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP577\A0053711.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056037.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056038.exe Infected: Trojan-Downloader.Win32.Swizzor.cc
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056039.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056040.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056041.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056042.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056043.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056044.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056045.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056046.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056047.exe Infected: Trojan-Downloader.Win32.Swizzor.cm
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056048.exe Infected: Trojan.Win32.Krepper.ab
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056049.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056050.exe Infected: Trojan-Downloader.Win32.Swizzor.cc
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056051.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056052.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{DF6BBF9C-E38B-4596-9AD0-897CEBCF41C0}\RP585\A0056053.exe Infected: Trojan-Downloader.Win32.Swizzor.dj


Logfile of HijackThis v1.99.1
Scan saved at 8:13:38 PM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\RacerX\Desktop\hijackthis\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E149C809-30F6-4566-9858-35214BFC4B7A}: NameServer = 67.36.13.26 66.73.20.40
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 

·
Registered
Joined
·
4 Posts
Discussion Starter #5
OK here is the fl.zip

Below is the findlop log. If you get the time, could you also explain what it is?

Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\Administrator\Application Data

02/02/2004 11:48 AM <DIR> Identities
0 File(s) 0 bytes
1 Dir(s) 33,241,575,424 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\All Users\Application Data

08/28/2005 07:32 PM <DIR> axis kind bib window
03/01/2005 09:47 PM 774 hpzinstall.log
07/23/2004 06:17 AM <DIR> MSN6
10/04/2004 07:19 PM <DIR> Proc Jump Math Base
07/22/2004 02:25 AM <DIR> QuickTime
08/28/2005 06:09 PM <DIR> Symantec
07/13/2005 06:55 PM <DIR> Yahoo!
1 File(s) 774 bytes
6 Dir(s) 33,241,571,328 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\RacerX\Application Data

02/02/2004 10:25 PM <DIR> Adobe
02/08/2004 02:05 PM <DIR> Help
02/02/2004 12:27 PM <DIR> Identities
02/02/2004 10:25 PM <DIR> InterTrust
07/26/2005 07:53 PM <DIR> Lavasoft
02/02/2004 09:10 PM <DIR> Macromedia
08/28/2005 07:32 PM <DIR> Meta Setup The
09/15/2004 08:48 PM <DIR> Microsoft Web Folders
02/02/2004 10:24 PM <DIR> Mozilla
07/23/2004 06:17 AM <DIR> MSN6
08/28/2005 06:13 PM <DIR> Symantec
09/19/2005 07:22 PM <DIR> Trend Micro
08/28/2005 07:32 PM <DIR> Type bits list
11/29/2004 09:11 PM <DIR> Yahoo!
10/01/2004 12:06 AM <DIR> Yahoo! Messenger
0 File(s) 0 bytes
15 Dir(s) 33,241,571,328 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\Default User\Application Data

01/31/2004 06:57 AM <DIR> .
01/31/2004 06:57 AM <DIR> ..
02/01/2004 11:28 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 33,241,571,328 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\NetworkService\Application Data

Thx
Bigmoo
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
You have run fl.bat incorrectly. Please stick to instructions & extract the contents of fl.zip to a new folder before running it.
 

·
Registered
Joined
·
4 Posts
Discussion Starter #7
OK here is NEW FL log

I am most SORRY for the mistake... Thought I had done it per instructions just saved it to a drive on accident. Anyways, here goes...


Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\Administrator\Application Data

02/02/2004 11:48 AM <DIR> Identities
0 File(s) 0 bytes
1 Dir(s) 33,240,416,256 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\All Users\Application Data

08/28/2005 07:32 PM <DIR> axis kind bib window
03/01/2005 09:47 PM 774 hpzinstall.log
07/23/2004 06:17 AM <DIR> MSN6
10/04/2004 07:19 PM <DIR> Proc Jump Math Base
07/22/2004 02:25 AM <DIR> QuickTime
08/28/2005 06:09 PM <DIR> Symantec
07/13/2005 06:55 PM <DIR> Yahoo!
1 File(s) 774 bytes
6 Dir(s) 33,240,412,160 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\RacerX\Application Data

02/02/2004 10:25 PM <DIR> Adobe
02/08/2004 02:05 PM <DIR> Help
02/02/2004 12:27 PM <DIR> Identities
02/02/2004 10:25 PM <DIR> InterTrust
07/26/2005 07:53 PM <DIR> Lavasoft
02/02/2004 09:10 PM <DIR> Macromedia
08/28/2005 07:32 PM <DIR> Meta Setup The
09/15/2004 08:48 PM <DIR> Microsoft Web Folders
02/02/2004 10:24 PM <DIR> Mozilla
07/23/2004 06:17 AM <DIR> MSN6
08/28/2005 06:13 PM <DIR> Symantec
09/19/2005 07:22 PM <DIR> Trend Micro
08/28/2005 07:32 PM <DIR> Type bits list
11/29/2004 09:11 PM <DIR> Yahoo!
10/01/2004 12:06 AM <DIR> Yahoo! Messenger
0 File(s) 0 bytes
15 Dir(s) 33,240,412,160 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\Default User\Application Data

01/31/2004 06:57 AM <DIR> .
01/31/2004 06:57 AM <DIR> ..
02/01/2004 11:28 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 33,240,412,160 bytes free
Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is B81E-AECA

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job '35720216D1F21692.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\racerx\applic~1\typebi~1\site bin draw.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'RacerX'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 09/20/2005 18:00:00
StartError: 0x80090016
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/09/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job '8CF1D5DD9E367765.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\progra~1\typebi~1\site bin draw.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'RacerX'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/14/2004 18:00:00
NextRun: 09/20/2005 18:00:00
StartError: 0x80090016
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/09/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job '8F97AF6BB3A051DB.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\progra~1\typebi~1\site bin draw.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'RacerX'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/14/2004 18:00:01
NextRun: 09/20/2005 18:00:00
StartError: 0x80090016
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/10/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Scan my computer - RacerX.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'RacerX'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 09/23/2005 21:00:00
StartError: 0x80090016
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 08/28/2005
EndDate: 00/00/0000
StartTime: 21:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'RacerX'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 09/20/2005 17:11:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 09/20/2005
EndDate: 00/00/0000
StartTime: 17:11
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Before we proceed, Kaspersky found a lot of infected files in Norton's quarantine folder & System Restore's cache. Let's clear that up or the next scan will pick it up again.

Please use Symantec's guide to remove the Quarantine files.

CLEAR & RESET SYSTEM RESTORE'S CACHE
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click OK


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs.

CleanUp.exe - Install.

KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Locate & delete these folders:

C:\Documents and Settings\All Users\Application Data\axis kind bib window
C:\Documents and Settings\All Users\Application Data\Proc Jump Math Base
C:\Documents and Settings\RacerX\Application Data\Meta Setup The
C:\Documents and Settings\RacerX\Application Data\Type bits list



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run KillBox & paste the following locations into KillBox:
  • C:\Windows\Tasks\8F97AF6BB3A051DB.job
  1. Checkmark the box - Standard File Kill
  2. Click the RED X button

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Trend's Antispyware.log
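
The scheduled-task dump posted earlier in the thread includes hidden jobs with 16-hex-digit file names, one of which is passed to KillBox in the steps above. The following added example (not code from the thread or from fl.bat) parses that trace format and lists the properties that set those jobs apart from the Symantec one. The scoring rules, the two-signal threshold and the 2001 cut-off (the release year of Windows XP, the platform named in the HijackThis log) are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Excerpt trimmed from the job dump posted in this thread; properties the
# checks do not read were dropped to keep the sample short.
SAMPLE_LOG = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job '35720216D1F21692.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\racerx\applic~1\typebi~1\site bin draw.exe'
Comment: ''
ScheduledWorkItem Flags:
Hidden = 1

Trigger 0:
Type: Daily
StartDate: 02/09/1995
MinutesInterval: 60

[TRACE] Activating job '8F97AF6BB3A051DB.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\progra~1\typebi~1\site bin draw.exe'
Comment: ''
ScheduledWorkItem Flags:
Hidden = 1

Trigger 0:
Type: Daily
StartDate: 06/10/1995
MinutesInterval: 60

[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Comment: 'Symantec NetDetect'
ScheduledWorkItem Flags:
Hidden = 0

Trigger 0:
Type: Daily
StartDate: 09/20/2005
MinutesInterval: 5
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(.+)'$")
KV_RE = re.compile(r"^(\w+): ?(.*)$")      # e.g.  Comment: ''
FLAG_RE = re.compile(r"^(\w+) = (\d+)$")   # e.g.  Hidden = 1
HEX_NAME_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)
DATE_RE = re.compile(r"^\d{2}/\d{2}/(\d{4})$")


@dataclass
class Job:
    name: str
    props: dict = field(default_factory=dict)
    flags: dict = field(default_factory=dict)


def parse_jobs(text):
    """Split the trace into jobs. Work-item and trigger flags share one dict,
    and with several triggers only the last trigger's values are kept."""
    jobs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            current = Job(m.group(1))
            jobs.append(current)
            continue
        if current is None:
            continue  # header lines before the first job
        m = FLAG_RE.match(line)
        if m:
            current.flags[m.group(1)] = int(m.group(2))
            continue
        m = KV_RE.match(line)
        if m:
            current.props[m.group(1)] = m.group(2).strip("'")
    return jobs


def triage(job, earliest_plausible_year=2001):
    """Return the reasons a job looks out of place (illustrative heuristics)."""
    reasons = []
    if HEX_NAME_RE.match(job.name):
        reasons.append("job file name is 16 hex digits")
    if job.flags.get("Hidden") == 1:
        reasons.append("Hidden flag is set")
    if not job.props.get("Comment"):
        reasons.append("Comment is empty")
    app = job.props.get("ApplicationName", "").lower()
    if "\\applic~1\\" in app or "\\application data\\" in app:
        reasons.append("executable sits in an Application Data folder")
    m = DATE_RE.match(job.props.get("StartDate", ""))
    if m and int(m.group(1)) < earliest_plausible_year:
        reasons.append("trigger StartDate is earlier than %d" % earliest_plausible_year)
    return reasons


def flag_jobs(text, min_reasons=2):
    """Map job name -> reasons for every job with at least min_reasons signals."""
    result = {}
    for job in parse_jobs(text):
        reasons = triage(job)
        if len(reasons) >= min_reasons:
            result[job.name] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in flag_jobs(SAMPLE_LOG).items():
        print(name + ": " + "; ".join(reasons))
```
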
 