
85 viruses

Discussion in 'Windows XP' started by lwend5763, Jan 19, 2006.

  1. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    ok i think i got rid of the viruses....but still have the malware and adware in the registry. i loaded and ran Ad-Aware SE, Spybot Search and Destroy, ewido suite. ran cleanup. now can you help me out with the HijackThis. thanks! oh and there was about 50 things loading on start up! took 20 minutes to start the computer up!!!! i have them turned off but there are a lot of stuff that keeps on turning on......was a lot of porn stuff on here. don't leave a bunch of teenagers home with a computer alone!!!!!!!!!!



    Logfile of HijackThis v1.99.1
    Scan saved at 6:58:28 PM, on 1/19/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Navnt\defwatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\Navnt\rtvscan.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Navnt\vpexrt.exe
    C:\WINNT\System32\ctfmon.exe
    C:\WINNT\System32\cnilmba.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
    O1 - Hosts: 
    O1 - Hosts: U>ÚådåÇãº^¶ŠaƒÀ1_>²
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll (file missing)
    O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll
    O2 - BHO: (no name) - {33A5AEC4-77B1-FE70-7430-D5A2ABD84459} - C:\WINNT\Jqmgxdxr.dll (file missing)
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {B794A775-10C0-4734-B048-4D0140EB7EB9} - C:\WINNT\System32\whslzanm.dll
    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
    O3 - Toolbar: Search - {B43EB1BE-2498-230B-3EB4-FB35D898FE0A} - C:\WINNT\Jqmgxdxr.dll (file missing)
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
    O4 - HKLM\..\RunServices: [Windows Processe Message] procmsg.exe
    O4 - HKLM\..\RunServices: [Windows Executable] winmys.exe
    O4 - HKLM\..\RunServices: [Compaqs Service Drivers] compqs.exe
    O4 - HKLM\..\RunServices: [Internet Services] interserv.exe
    O4 - HKLM\..\RunServices: [csrss] csrss.exe
    O4 - HKLM\..\RunServices: [Value Name] sms.exe
    O4 - HKLM\..\RunServices: [CPU Buffer] CPUBuffer.exe
    O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
    O4 - HKCU\..\RunServices: [Windows Processe Message] procmsg.exe
    O4 - HKCU\..\RunServices: [Compaqs Service Drivers] compqs.exe
    O4 - HKCU\..\RunServices: [Internet Services] interserv.exe
    O4 - HKCU\..\RunServices: [csrss] csrss.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\kquser.dll
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe (file missing)
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    HijackThis is running from a temp directory and must be moved to run correctly

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    ==============
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
    ================

    Is your Norton current ???????????
     
  3. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    well had a rough time...had to run spykiller in safe mode otherwise the computer would shut off to protect it. so i checked the nortons and it's the corporate version and i can't use live update to update....i would like to use AVG but i know that nortons is hard to remove. any suggestions? i still didn't get rid of a couple of the pop-ups.

    i should probably run the spykiller again now that i was able to get back on line.
    Logfile of HijackThis v1.99.1
    Scan saved at 11:59:17 AM, on 1/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Navnt\defwatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\Navnt\rtvscan.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\System32\ctfmon.exe
    C:\WINNT\System32\wuauclt.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\Program Files\Navnt\vptray.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: (no name) - {33A5AEC4-77B1-FE70-7430-D5A2ABD84459} - C:\WINNT\Jqmgxdxr.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
    O3 - Toolbar: Search - {B43EB1BE-2498-230B-3EB4-FB35D898FE0A} - C:\WINNT\Jqmgxdxr.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
    O4 - HKLM\..\RunServices: [csrss] csrss.exe
    O4 - HKLM\..\RunServices: [Value Name] sms.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
    O4 - HKCU\..\RunServices: [csrss] csrss.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137716304297
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O20 - Winlogon Notify: MCD - C:\WINNT\system32\htetwiz.dll (file missing)
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe (file missing)
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    http://www.noidea.us/easyfile/index.php?folder=2

    download Nailfix.zip
    Unzip it to the desktop but do NOT run it yet.

    Restart in safe mode

    Now in Safe Mode:
    Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

    Boot to normal mode

    download http://www.mvps.org/winhelp2002/DelDomains.inf

    Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

    Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - Default URLSearchHook is missing

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe

    O2 - BHO: (no name) - {33A5AEC4-77B1-FE70-7430-D5A2ABD84459} - C:\WINNT\Jqmgxdxr.dll (file missing)

    O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll

    O3 - Toolbar: Search - {B43EB1BE-2498-230B-3EB4-FB35D898FE0A} - C:\WINNT\Jqmgxdxr.dll (file missing)

    O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll

    O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe

    O4 - HKLM\..\RunServices: [csrss] csrss.exe

    O4 - HKLM\..\RunServices: [Value Name] sms.exe

    O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe

    O4 - HKCU\..\RunServices: [csrss] csrss.exe

    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab

    O20 - Winlogon Notify: MCD - C:\WINNT\system32\htetwiz.dll (file missing)

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\TBONAS
    C:\WINNT\Nail.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
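
As an added example (not part of the original thread, and not HijackThis's own logic), the Python below parses a HijackThis log and applies the structural checks that the replies above apply by eye: the tool running from a temp directory, a `Shell=` value with an extra program, `(file missing)` entries, and autoruns given as bare file names. The rule names and the repeat threshold are assumptions made for this example; entries the helper marked by reputation (the BestOffers BHO, the WinATS.cab download) are not caught by checks like these.

```python
import re
from collections import Counter

# Excerpt assembled for this example from the HijackThis logs posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\drwtsn32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {33A5AEC4-77B1-FE70-7430-D5A2ABD84459} - C:\WINNT\Jqmgxdxr.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [csrss] csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O20 - Winlogon Notify: MCD - C:\WINNT\system32\htetwiz.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "O4 - ..." style lines
AUTORUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[.*?\] (.*)$")   # O4 registry autoruns


def parse_log(text):
    """Split a log into (running process paths, [(section code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(text, repeat_threshold=3):
    """Return (rule, detail) findings; rule names are made up for this example."""
    processes, entries = parse_log(text)
    findings = []

    # HijackThis started from inside an unpacked archive / temp folder.
    for path in processes:
        low = path.lower()
        if low.endswith("hijackthis.exe") and "\\temp\\" in low:
            findings.append(("tool-in-temp", path))

    # The same image listed many times (the thread's logs show drwtsn32.exe doing this).
    for image, count in Counter(p.lower() for p in processes).items():
        if count >= repeat_threshold:
            findings.append(("repeated-process", f"{image} x{count}"))

    for code, body in entries:
        line = f"{code} - {body}"
        if body.endswith("(file missing)"):
            # Registry entry left behind after its file was removed.
            findings.append(("file-missing", line))
        elif code == "R3" and ("is missing" in body or "(no file)" in body):
            findings.append(("searchhook", line))
        elif code == "F2" and "Shell=" in body:
            # Anything besides Explorer.exe on the Shell= line starts at logon.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("shell-hijack", line))
        elif code == "O4":
            autorun = AUTORUN_RE.match(body)
            # A command with no directory part is resolved through the search path.
            if autorun and "\\" not in autorun.group(1):
                findings.append(("bare-autorun", line))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:17} {detail}")
```

Findings are candidates for a human reviewer, not a fix list: as the reply above says, most of what HijackThis lists is harmless or even required.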
     
  5. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    ok accomplished all that you gave me.......here are some things i encountered...the nail.exe was blocked and cleaned by ewido...after rebooting from safe mode the first time after downloading nailfix.......

    the first time i ran spykiller it removed many many many files....i rebooted before i had a chance to copy what it did...after deleting from hjt upon restart i get an application error for drwtsn32.exe and it terminates. message on every restart on the minimal virtual memory being too low and that some applications will not be run....restart takes about 10 minutes. could this be from ewido and spykiller starting up?

    also, what should i do about the virus protection i have that can't be updated. i also see that i have McAfee virus scan too. i haven't tried to run it cause i thought there would be a conflict.

    should i go run the online scan? i did this once before i started to get rid of my problems but it froze up before i could do anything.

    only thing i have starting up in the msconfig is jusched, spysweeper, ctfmon. there are many many things in the startup list. they look like risky things.


    here is my hjt log. what else can i tell you???

    Logfile of HijackThis v1.99.1
    Scan saved at 7:00:17 PM, on 1/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Navnt\defwatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\Navnt\rtvscan.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Navnt\vpexrt.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\System32\ctfmon.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINNT\System32\drwtsn32.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137716304297
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe (file missing)
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,735
    First Name:
    Frank
    Per this statement

    there was about 50 things loading on start up! took 20 minutes to start the computer up!!!! i have them turned off but there are a lot of stuff that keeps on turning on......was a lot of porn stuff on here.

    you made when you started your post, we have no way of knowing all the entries that are listed in the MSCONFIG "Startup" tab. You need to recheck them all, reboot, then post a new log.

    -------------------------------------------------------------------------------------

    Once all the spyware and other "nasties" are cleaned out of your computer, you need to make the upgrade to Windows XP Service Pack 2.

    When was the last time that you did a scan at the Windows Updates site and installed all the critical updates that were available?

    --------------------------------------------------------------------------------------
     
  7. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    the last time i ran windows update was two days ago. i thought they all downloaded.

    if i check all in the msconfig startup will that reinfect my computer? the computer had a hard time restarting upon my last post. had to restart several times before it booted totally up.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  9. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    -------------------------------------------------------------------------------
    so this is pretty horrible!


    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, January 21, 2006 16:34:51
    Operating System: Microsoft Windows XP Professional, (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 21/01/2006
    Kaspersky Anti-Virus database records: 161848
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 57158
    Number of viruses found: 38
    Number of infected objects: 310
    Number of suspicious objects: 0
    Duration of the scan process: 4456 sec

    Infected Object Name - Virus Name

    Scan process completed.
     
  10. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    hjt log
    Logfile of HijackThis v1.99.1
    Scan saved at 4:38:04 PM, on 1/21/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Navnt\defwatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\Navnt\rtvscan.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\System32\ctfmon.exe
    C:\PROGRA~1\Navnt\vpexrt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINNT\System32\drwtsn32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f547.mail.yahoo.com/ym/login?.rand=b589da2jhg575
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137716304297
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe (file missing)
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  12. gmcsierra99

    gmcsierra99 Banned

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    i might be wrong, but if you don't have any Service Packs that might be why you have all them viruses, because your computer is very vulnerable.
     
  13. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    ok....uninstalled nortons.....went in and deleted all the files that it said did not get deleted......upon restart.....which has taken 10 minutes, i'm getting the drwtsn32.exe application error. then the low virtual memory error. couldn't get anything to start up so i'm on a restart currently. i noticed in a couple of my hjt logs that the drwtsn32.exe comes up several times. can this be repaired or removed????? the update of one service pack did get loaded on the last startup. seems like i've done that several times though.
     
  14. lwend5763

    lwend5763 Thread Starter

    Joined:
    Jul 9, 2003
    Messages:
    246
    ok here is the latest.....turned off the ewido suite and the spykiller to get the avg loaded and ran. came up with 85 trojans....said that it healed them then i went in to the vault and deleted them. going to run cleanup and reboot....should i turn off the ewido and the spykiller and run them only when needed? avg is up and running with no conflicts!

    again any suggestions on the drwtsn32.exe program?

    thanks for all your help i feel like i've started to make some headway!!!!!



    Logfile of HijackThis v1.99.1
    Scan saved at 7:33:36 PM, on 1/21/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINNT\System32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINNT\System32\drwtsn32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f547.mail.yahoo.com/ym/login?.rand=b589da2jhg575
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137716304297
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe (file missing)
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run the Kaspersky scan again and post its log

    You can un-install Ewido now

    You should start getting the critical updates from MS
     

Short URL to this thread: https://techguy.org/435527
