Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Wrong website opens when I click on a link

Post by nesster » November 10th, 2009, 4:53 pm

Hi,

When I do a Yahoo or Google search I am directed to the wrong website when I click on a link. It happens about 75% of the time. I might click on amazon.com, for example, and get sent to a website for some school district in Texas. After going back to the search results, I can get the right site to open on the 2nd or 3rd try. I've run the following programs:

Malwarebytes Anti-malware
Spybot
CCleaner
VirtumundoBeGone
Microsoft Malicious Software

Except for some minor things in Spybot, they all came up fine. No issues. Hmmm...can someone help me? Below is my hijackthis info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:34 PM, on 10.Nov.09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A79DC901-56D4-4C30-8A8D-1D06DB1A2425} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3214246125
O16 - DPF: {C6D25826-96AE-462F-A852-BB33B882B723} (SFImageUpload1_4.ImageUpload) - http://duanereade.storefront.com/images ... oad1_4.CAB
O20 - AppInit_DLLs: jcjftf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceSB4 - Unknown owner - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://65.110.81.33/images/FE/chain128s ... op_hed.gif

--
End of file - 7254 bytes
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm

Re: Wrong website opens when I click on a link

Post by xixo_12 » November 13th, 2009, 7:26 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you to encounter the problem that you have now.
  • We will work together and I need your attention to read all the instructions carefully.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instructions into Notepad.
  • If you have any questions, please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please post your replies to this thread only and keep interacting with me until your computer is clean.

Everything I post to you will be reviewed by an MRU Teacher. This process will impact my response time to you. Be patient. ;)
Please! If you need more time to do all the instructions, let me know before 72 hours have passed. Otherwise, your thread will be closed.

Next,
Uninstall List.
  • Run HijackThis.
  • Click the Open the Misc Tools section button.
  • Click the Misc Tools tab.
  • Under System tools, click the Open Uninstall Manager button.
  • Find the Save list… button and save to the Desktop.
  • Copy the content and paste the uninstall list here.

Next,
Checklist.
Please post.
  • uninstall list.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Wrong website opens when I click on a link

Post by nesster » November 13th, 2009, 10:38 am

Thanks for your help! Here's the uninstall log from HijackThis:

Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AusLogics Disk Defrag
Bonjour
CCleaner
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
iTunes
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB954430)
QuickTime
RealPlayer
Safari
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Spybot - Search & Destroy
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Windows XP Service Pack 3
Yahoo! Messenger
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm

Re: Wrong website opens when I click on a link

Post by xixo_12 » November 16th, 2009, 8:42 am

Hi,
Let's proceed.

First,
Remove programs.
Please Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove
Spybot - Search & Destroy << You can reinstall after the system is clean.


Next,
Discussion.
Do you still use Norton Internet Security?

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find the logs manually at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Next,
Checklist.
Please post.
  • Answer for the discussion.
  • Content of log.txt and info.txt (Find both at C:\rsit)
  • Content of GMER.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Wrong website opens when I click on a link

Post by nesster » November 17th, 2009, 10:37 am

Thanks again for your help. I am attaching the three files you requested here. Also, I don't use Norton and haven't for a long time. I thought I had uninstalled it from my PC.
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm

Re: Wrong website opens when I click on a link

Post by xixo_12 » November 17th, 2009, 6:42 pm

Hi ;) ,
Let's proceed.
Advice : Please copy and paste the content of the log. Don't use the attachment.

First,
ERUNT by Lars Hederer
Download ERUNT and save to the desktop.
  • Right click on erunt-setup.exe > Run as an Administrator to install the program.
  • Follow the prompts > uncheck Create NTREGOPT desktop icon at the Additional Tasks screen.
  • Click No when you are prompted about creating an ERUNT entry in the startup folder.
  • Next screen, uncheck Show documentation and check Launch ERUNT.
  • If ERUNT doesn't start by itself, launch it from the desktop shortcut.
  • At the configuration screen, make sure all 3 checkboxes are checked.
  • Click Ok to run the backup process

Note:
The backups can be restored from here:
C:\windows\ERDNT\<todays date>\ERDNT.exe

Next
Norton Removal Tool
  • Click on HERE and you will be redirected to the Norton page.
  • Under Choose your product: Click on I have a Norton xxxxxxxxx product link to open the removal instructions and the download link. (xxxxxxxxx denotes the product name)
  • Run it to remove Norton. After this, please restart your computer.

Next,
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links)
Save as Combo-Fix.exe <<Please have a look at the file name. You have to change it.
Link 1
Link 2

**IMPORTANT !!! Save Combo-Fix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right click on Combo-Fix.exe > Run as an Administrator & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Checklist.
Please post.
  • Content of ComboFix.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Wrong website opens when I click on a link

Post by nesster » November 18th, 2009, 1:45 pm

I wasn't able to remove Norton as I'm not sure what version I have. It's been so long since I used it (and I don't see it on my PC anywhere). How can I find out what version I have?

I did all of the other steps :o) The combo fix log is below. Also, in addition to being taken to the wrong websites, I also am sometimes directed to fake sites telling me my computer is infected and I should download software which, of course, I don't. I have to CTRL + ALT + DELETE to reboot Firefox.

ComboFix 09-11-18.06 - ehrich weiss 18.Nov.09 12:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.297 [GMT -5:00]
Running from: c:\documents and settings\ehrich weiss\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\Ijl11.dll

Infected copy of c:\windows\SYSTEM32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-18 16:36 . 2009-11-18 16:36 -------- d-----w- c:\program files\ERUNT
2009-11-17 01:55 . 2009-11-17 01:56 -------- d-----w- C:\rsit
2009-11-06 14:07 . 2009-11-06 14:07 -------- d-----w- c:\program files\iPod
2009-11-06 13:59 . 2009-11-06 13:59 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 15:12 . 2009-11-03 15:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-02 13:31 . 2009-11-02 13:31 -------- d-----w- c:\program files\Trend Micro
2009-11-01 14:04 . 2009-11-06 20:40 0 ----a-w- c:\documents and settings\ehrich weiss\Local Settings\Application Data\prvlcl.dat
2009-10-31 17:43 . 2009-10-31 17:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-29 23:15 . 2009-10-29 23:15 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\SUPERAntiSpyware.com
2009-10-26 20:32 . 2009-10-26 20:32 -------- d-----w- c:\program files\AVG
2009-10-26 19:26 . 2009-10-26 19:26 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 01:50 . 2006-02-17 00:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 01:48 . 2006-02-17 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 14:08 . 2006-09-14 04:04 -------- d-----w- c:\program files\iTunes
2009-11-06 14:07 . 2008-02-17 20:46 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 15:12 . 2003-12-13 01:39 -------- d-----w- c:\program files\Common Files\Real
2009-11-03 15:10 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-03 15:10 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-03 15:10 . 2003-12-13 01:39 -------- d-----w- c:\program files\Real
2009-10-30 01:21 . 2009-10-19 01:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-27 16:23 . 2004-01-05 20:58 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\AdobeUM
2009-10-19 01:40 . 2009-10-19 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 16:48 . 2009-10-17 16:48 65716 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-17 16:37 . 2008-08-09 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 16:37 . 2009-10-17 16:37 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-13 21:22 . 2009-09-23 13:33 -------- d-----w- c:\program files\iPod(3)
2009-10-13 21:21 . 2007-09-02 21:28 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\uTorrent
2009-09-16 14:01 . 2009-09-16 14:01 75080 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe
2009-09-10 18:54 . 2008-08-09 21:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-09 21:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 23:42 . 2008-09-10 15:16 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-02-17 20:46 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-01-14 06:27 . 2006-01-14 06:27 31327346 -c----w- c:\program files\NAV061200.exe
2008-02-17 19:10 . 2008-02-17 19:10 23 -csh--w- c:\windows\SYSTEM32\decdfffdb0_r.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 ServiceSB4;ServiceSB4;c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe --> c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys --> c:\windows\system32\Drivers\BUSB2902.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: healthnet.com\ct-raxnf
Trusted Zone: theknot.com\www
DPF: Microsoft XML Parser for Java
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://duanereade.storefront.com/images ... oad1_4.CAB
FF - ProfilePath - c:\documents and settings\ehrich weiss\Application Data\Mozilla\Firefox\Profiles\65sro5e2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\ehrich weiss\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.DLL
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{A79DC901-56D4-4C30-8A8D-1D06DB1A2425} - (no file)
WebBrowser-{6A048BB7-E017-4326-B207-AA996C77BBCB} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-{9863F141-7A33-4c9a-A5F2-96996461B216} - c:\documents and settings\ehrich weiss\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_dd7a6fc\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 12:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\System32\wdfmgr.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2009-11-18 12:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-18 17:34

Pre-Run: 56,546,185,216 bytes free
Post-Run: 56,710,041,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 298745F12BB0CE374334825BE8B05AAA
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm

Re: Wrong website opens when I click on a link

Post by xixo_12 » November 20th, 2009, 4:56 am

Hi,

First,
Let's choose : I have a Norton 2006 product ;) Do let me know the result.
Next
Norton Removal Tool
  • Click on HERE and you will be redirected to the Norton page.
  • Under Choose your product: Click on I have a Norton xxxxxxxxx product link to open the removal instructions and the download link. (xxxxxxxxx denotes the product name)
  • Run it to remove Norton. After this, please restart your computer.


Next,
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

http://malwareremoval.com/forum/viewtopic.php?p=484339#p484339

Collect::
C:\WINDOWS\system32\jcjftf.dll
C:\WINDOWS\system32\sneyivuf.dll
C:\WINDOWS\system32\urfyjkml.dll
C:\WINDOWS\system32\lphc3skj0et77.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf5d1483]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc6e271f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc3skj0et77]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-

Folder::
C:\Program Files\uTorrent

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Malwarebytes' Anti-Malware
  • Double-click Malwarebytes' Anti-Malware to run the program.
  • Click on Update tab > Check for Updates.
  • Once done, click on Scanner tab, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Image
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


Next,
Analyze file(s).
Please visit Jotti or Virustotal
Copy and paste the path (one by one) into the white box at the top:
c:\documents and settings\ehrich weiss\Local Settings\Application Data\prvlcl.dat

  • Press Submit - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

Next,
Checklist.
Please post.
  • Content of ComboFix.txt.
  • Content of MBAM log.
  • Result of analyze.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
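
The CFScript in the post above mixes plain path lists with regedit-style registry edits, so it helps to list exactly what it asks for before it is run. The following is an added example, not part of the thread and not ComboFix's own code: it parses that script and summarises each requested change. The `Action` type, the `NOTABLE` table and the function names are made up for this illustration, and `Collect::` and `Folder::` entries are reported only as paths because the post does not describe what those directives do.

```python
import re
from typing import List, NamedTuple

# The CFScript from the post above, embedded so the example runs offline.
CFSCRIPT = r'''http://malwareremoval.com/forum/viewtopic.php?p=484339#p484339

Collect::
C:\WINDOWS\system32\jcjftf.dll
C:\WINDOWS\system32\sneyivuf.dll
C:\WINDOWS\system32\urfyjkml.dll
C:\WINDOWS\system32\lphc3skj0et77.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf5d1483]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc6e271f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc3skj0et77]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-

Folder::
C:\Program Files\uTorrent
'''


class Action(NamedTuple):       # hypothetical record type for this example
    section: str                # directive the line appeared under
    kind: str                   # "path", "delete-key", "delete-value", "set-value"
    target: str                 # file, folder or registry key
    value: str = ""             # registry value name, when the line names one


SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")        # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                # "[KEY]" or "[-KEY]"
VALUE_RE = re.compile(r'^(?:"(.+?)"|(@))=(.*)$')      # "name"=data or @=data

# Registry locations worth a second look when a script touches them.
NOTABLE = {
    "appinit_dlls": "DLLs named in this value load into every process that loads user32.dll",
    "firewallpolicy": "changes which programs Windows Firewall allows through",
    "msconfig\\startupreg": "startup entry that was disabled through msconfig",
}


def parse_cfscript(text: str) -> List[Action]:
    """Turn a CFScript into a flat list of the changes it requests."""
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section is None:
            continue                      # preamble, here the topic URL
        if section.lower() != "registry":
            actions.append(Action(section, "path", line))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):                # regedit syntax: "[-KEY]" deletes the key
                actions.append(Action(section, "delete-key", key))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
        name = m.group(1) or "@"
        # regedit syntax: "name"=- deletes the value, anything else sets it
        kind = "delete-value" if m.group(3).strip() == "-" else "set-value"
        actions.append(Action(section, kind, key, name))
    return actions


def review(actions: List[Action]) -> List[str]:
    """Return one note per action that touches a location listed in NOTABLE."""
    notes = []
    for a in actions:
        haystack = f"{a.target}\\{a.value}".lower()
        for needle, why in NOTABLE.items():
            if needle in haystack:
                notes.append(f"{a.kind} {a.value or a.target}: {why}")
    return notes


if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    for a in parsed:
        print(f"{a.section:<9}{a.kind:<13}{a.target} {a.value}".rstrip())
    print()
    print("\n".join(review(parsed)))
```
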

Re: Wrong website opens when I click on a link

Post by nesster » November 20th, 2009, 9:39 am

Thanks again for your help!

1. I was still not able to remove Norton. I was told that, in order to uninstall Norton 2006, it would need to delete my Act! 2000 program. I use this for all of my contacts and did not want to uninstall it. (I don't have the install CD anymore.)

2: Combo Fix log:
ComboFix 09-11-18.06 - ehrich weiss 18.Nov.09 12:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.297 [GMT -5:00]
Running from: c:\documents and settings\ehrich weiss\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\Ijl11.dll

Infected copy of c:\windows\SYSTEM32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-18 16:36 . 2009-11-18 16:36 -------- d-----w- c:\program files\ERUNT
2009-11-17 01:55 . 2009-11-17 01:56 -------- d-----w- C:\rsit
2009-11-06 14:07 . 2009-11-06 14:07 -------- d-----w- c:\program files\iPod
2009-11-06 13:59 . 2009-11-06 13:59 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 15:12 . 2009-11-03 15:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-02 13:31 . 2009-11-02 13:31 -------- d-----w- c:\program files\Trend Micro
2009-11-01 14:04 . 2009-11-06 20:40 0 ----a-w- c:\documents and settings\ehrich weiss\Local Settings\Application Data\prvlcl.dat
2009-10-31 17:43 . 2009-10-31 17:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-29 23:15 . 2009-10-29 23:15 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\SUPERAntiSpyware.com
2009-10-26 20:32 . 2009-10-26 20:32 -------- d-----w- c:\program files\AVG
2009-10-26 19:26 . 2009-10-26 19:26 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 01:50 . 2006-02-17 00:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 01:48 . 2006-02-17 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 14:08 . 2006-09-14 04:04 -------- d-----w- c:\program files\iTunes
2009-11-06 14:07 . 2008-02-17 20:46 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 15:12 . 2003-12-13 01:39 -------- d-----w- c:\program files\Common Files\Real
2009-11-03 15:10 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-03 15:10 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-03 15:10 . 2003-12-13 01:39 -------- d-----w- c:\program files\Real
2009-10-30 01:21 . 2009-10-19 01:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-27 16:23 . 2004-01-05 20:58 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\AdobeUM
2009-10-19 01:40 . 2009-10-19 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 16:48 . 2009-10-17 16:48 65716 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-17 16:37 . 2008-08-09 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 16:37 . 2009-10-17 16:37 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-13 21:22 . 2009-09-23 13:33 -------- d-----w- c:\program files\iPod(3)
2009-10-13 21:21 . 2007-09-02 21:28 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\uTorrent
2009-09-16 14:01 . 2009-09-16 14:01 75080 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe
2009-09-10 18:54 . 2008-08-09 21:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-09 21:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 23:42 . 2008-09-10 15:16 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-02-17 20:46 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-01-14 06:27 . 2006-01-14 06:27 31327346 -c----w- c:\program files\NAV061200.exe
2008-02-17 19:10 . 2008-02-17 19:10 23 -csh--w- c:\windows\SYSTEM32\decdfffdb0_r.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 ServiceSB4;ServiceSB4;c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe --> c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys --> c:\windows\system32\Drivers\BUSB2902.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: healthnet.com\ct-raxnf
Trusted Zone: theknot.com\www
DPF: Microsoft XML Parser for Java
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://duanereade.storefront.com/images ... oad1_4.CAB
FF - ProfilePath - c:\documents and settings\ehrich weiss\Application Data\Mozilla\Firefox\Profiles\65sro5e2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\ehrich weiss\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.DLL
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{A79DC901-56D4-4C30-8A8D-1D06DB1A2425} - (no file)
WebBrowser-{6A048BB7-E017-4326-B207-AA996C77BBCB} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-{9863F141-7A33-4c9a-A5F2-96996461B216} - c:\documents and settings\ehrich weiss\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_dd7a6fc\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 12:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\System32\wdfmgr.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2009-11-18 12:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-18 17:34

Pre-Run: 56,546,185,216 bytes free
Post-Run: 56,710,041,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 298745F12BB0CE374334825BE8B05AAA

3. Mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 3201
Windows 5.1.2600 Service Pack 3

20.Nov.09 8:24:52 AM
mbam-log-2009-11-20 (08-24-52).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 238931
Time elapsed: 1 hour(s), 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4. I submitted my prvlcl.dat file to Virustotal. The file appears to be empty as I received the following message:
0 bytes received

I got a similar message at Jotti.
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm

Re: Wrong website opens when I click on a link

Post by xixo_12 » November 22nd, 2009, 6:40 pm

Hi,
No worries about Norton. We will remove it soon.

Previously :
ComboFix 09-11-18.06 - ehrich weiss 18.Nov.09 12:02.1.1 - x86


Latest log :
ComboFix 09-11-18.06 - ehrich weiss 18.Nov.09 12:02.1.1 - x86


Please have a look at the bold part.
You provided the same ComboFix log for my review purpose.
Can you find the latest log on C:\? The date should be 09-11-20.
By the way, the log should appear automatically after the run with CFScript.

Next,
RSIT.
Please run RSIT again to produce log.txt.
***You can find the log manually at C:\rsit

Next,
Checklist.
Please post.
  • Content of log.txt (Find in c:\rsit)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Wrong website opens when I click on a link

Post by nesster » November 24th, 2009, 10:21 am

Hi again,

Here is the Combo fix log and the Hijackthis log. Also, I have not had any problems with my PC since last week! Good news!

Combo Fix Log
ComboFix 09-11-23.02 - ehrich weiss 23.Nov.09 21:17.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.123 [GMT -5:00]
Running from: c:\documents and settings\ehrich weiss\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-20 02:37 . 2009-11-20 02:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-18 16:36 . 2009-11-18 16:36 -------- d-----w- c:\program files\ERUNT
2009-11-17 01:55 . 2009-11-17 01:56 -------- d-----w- C:\rsit
2009-11-06 14:07 . 2009-11-06 14:07 -------- d-----w- c:\program files\iPod
2009-11-06 13:59 . 2009-11-06 13:59 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 15:12 . 2009-11-03 15:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-02 13:31 . 2009-11-02 13:31 -------- d-----w- c:\program files\Trend Micro
2009-11-01 14:04 . 2009-11-06 20:40 0 ----a-w- c:\documents and settings\ehrich weiss\Local Settings\Application Data\prvlcl.dat
2009-10-31 17:43 . 2009-10-31 17:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-29 23:15 . 2009-10-29 23:15 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\SUPERAntiSpyware.com
2009-10-26 20:32 . 2009-10-26 20:32 -------- d-----w- c:\program files\AVG
2009-10-26 19:26 . 2009-10-26 19:26 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 02:41 . 2008-09-10 15:23 -------- d-----w- c:\program files\Safari
2009-11-17 01:50 . 2006-02-17 00:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 01:48 . 2006-02-17 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 14:08 . 2006-09-14 04:04 -------- d-----w- c:\program files\iTunes
2009-11-06 14:07 . 2008-02-17 20:46 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 15:12 . 2003-12-13 01:39 -------- d-----w- c:\program files\Common Files\Real
2009-11-03 15:10 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-03 15:10 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-03 15:10 . 2003-12-13 01:39 -------- d-----w- c:\program files\Real
2009-10-30 01:21 . 2009-10-19 01:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-27 16:23 . 2004-01-05 20:58 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\AdobeUM
2009-10-19 01:40 . 2009-10-19 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 16:48 . 2009-10-17 16:48 65716 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-17 16:37 . 2008-08-09 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 16:37 . 2009-10-17 16:37 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-13 21:22 . 2009-09-23 13:33 -------- d-----w- c:\program files\iPod(3)
2009-10-13 21:21 . 2007-09-02 21:28 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\uTorrent
2009-09-16 14:01 . 2009-09-16 14:01 75080 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe
2009-09-10 18:54 . 2008-08-09 21:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-09 21:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 23:42 . 2008-09-10 15:16 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-02-17 20:46 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-01-14 06:27 . 2006-01-14 06:27 31327346 -c----w- c:\program files\NAV061200.exe
2008-02-17 19:10 . 2008-02-17 19:10 23 -csh--w- c:\windows\SYSTEM32\decdfffdb0_r.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-18_17.19.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 02:39 . 2009-11-20 02:39 796672 c:\windows\Installer\726def0.msi
+ 2009-11-20 02:40 . 2009-11-20 02:40 307200 c:\windows\Installer\{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}\SafariIco.exe
+ 2009-11-20 02:40 . 2009-11-20 02:40 2449408 c:\windows\Installer\726df40.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 ServiceSB4;ServiceSB4;c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe --> c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys --> c:\windows\system32\Drivers\BUSB2902.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: healthnet.com\ct-raxnf
Trusted Zone: theknot.com\www
DPF: Microsoft XML Parser for Java
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://duanereade.storefront.com/images ... oad1_4.CAB
FF - ProfilePath - c:\documents and settings\ehrich weiss\Application Data\Mozilla\Firefox\Profiles\65sro5e2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\ehrich weiss\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.DLL
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 21:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-23 21:51
ComboFix-quarantined-files.txt 2009-11-24 02:51
ComboFix2.txt 2009-11-20 10:15
ComboFix3.txt 2009-11-18 17:35

Pre-Run: 56,507,650,048 bytes free
Post-Run: 56,473,989,120 bytes free

- - End Of File - - 023DA2C99B349FAA29F99428A325200C

Hijack This Log
Logfile of random's system information tool 1.06 (written by random/random)
Run by ehrich weiss at 2009-11-24 09:16:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 54 GB (71%) free of 76 GB
Total RAM: 510 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:00 AM, on 24.Nov.09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ehrich weiss\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ehrich weiss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3214246125
O16 - DPF: {C6D25826-96AE-462F-A852-BB33B882B723} (SFImageUpload1_4.ImageUpload) - http://duanereade.storefront.com/images ... oad1_4.CAB
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceSB4 - Unknown owner - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://65.110.81.33/images/FE/chain128s ... op_hed.gif

--
End of file - 6204 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-21 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2005-08-04 343112]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-07-01 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
C:\WINDOWS\MXOALDR.EXE [2003-10-10 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-03 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Distillr\acrotray.exe [2003-10-23 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2
"LiveUpdate Notice Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-23 21:51:09 ----D---- C:\WINDOWS\temp
2009-11-23 21:51:04 ----A---- C:\ComboFix.txt
2009-11-18 11:57:10 ----A---- C:\Boot.bak
2009-11-18 11:56:59 ----RASHD---- C:\cmdcons
2009-11-18 11:42:45 ----A---- C:\WINDOWS\zip.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\SWSC.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\SWREG.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\sed.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\PEV.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\MBR.exe
2009-11-18 11:42:45 ----A---- C:\WINDOWS\grep.exe
2009-11-18 11:41:21 ----D---- C:\Qoobox
2009-11-18 11:37:31 ----D---- C:\WINDOWS\ERDNT
2009-11-18 11:36:11 ----D---- C:\Program Files\ERUNT
2009-11-16 20:55:38 ----D---- C:\rsit
2009-11-06 09:07:23 ----D---- C:\Program Files\iPod
2009-11-03 10:12:19 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-11-03 10:12:08 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-11-03 10:12:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-11-03 10:12:03 ----D---- C:\Program Files\Common Files\xing shared
2009-11-03 10:10:49 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-11-02 08:31:54 ----D---- C:\Program Files\Trend Micro
2009-10-29 18:15:23 ----D---- C:\Documents and Settings\ehrich weiss\Application Data\SUPERAntiSpyware.com
2009-10-26 15:32:16 ----D---- C:\Program Files\AVG

======List of files/folders modified in the last 1 months======

2009-11-24 09:16:46 ----D---- C:\WINDOWS\Prefetch
2009-11-24 09:15:30 ----D---- C:\Program Files\Mozilla Firefox
2009-11-23 21:51:09 ----D---- C:\WINDOWS
2009-11-23 21:29:42 ----A---- C:\WINDOWS\system.ini
2009-11-23 21:26:19 ----D---- C:\WINDOWS\system32\DRIVERS
2009-11-23 21:26:19 ----D---- C:\WINDOWS\SYSTEM32
2009-11-23 21:26:19 ----D---- C:\WINDOWS\AppPatch
2009-11-23 21:26:10 ----D---- C:\Program Files\Common Files
2009-11-23 21:15:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-23 21:14:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-21 11:00:08 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2009-11-20 05:08:02 ----RD---- C:\Program Files
2009-11-20 04:23:57 ----D---- C:\Config.Msi
2009-11-19 21:41:40 ----SHD---- C:\WINDOWS\Installer
2009-11-19 21:41:03 ----D---- C:\Program Files\Safari
2009-11-19 10:24:52 ----D---- C:\Tempy
2009-11-19 10:05:54 ----AC---- C:\WINDOWS\Winamp.ini
2009-11-18 12:17:59 ----D---- C:\WINDOWS\system32\CONFIG
2009-11-18 11:59:40 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-11-18 11:57:11 ----RASH---- C:\BOOT.INI
2009-11-17 09:42:39 ----A---- C:\WINDOWS\WIN.INI
2009-11-16 20:50:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-16 20:48:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-09 21:53:05 ----D---- C:\WINDOWS\Minidump
2009-11-07 01:48:26 ----HD---- C:\WINDOWS\INF
2009-11-06 09:08:35 ----D---- C:\Program Files\iTunes
2009-11-06 09:07:18 ----D---- C:\Program Files\Common Files\Apple
2009-11-06 07:01:50 ----D---- C:\WINDOWS\Help
2009-11-04 10:00:22 ----D---- C:\WINDOWS\Debug
2009-11-03 11:48:00 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-03 10:13:21 ----D---- C:\Documents and Settings\ehrich weiss\Application Data\Real
2009-11-03 10:12:25 ----D---- C:\Program Files\Common Files\Real
2009-11-03 10:10:56 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-11-03 10:10:56 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-11-03 10:10:55 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-11-03 10:10:53 ----D---- C:\Program Files\Real
2009-10-31 12:43:49 ----D---- C:\WINDOWS\system32\WBEM
2009-10-31 12:43:49 ----D---- C:\WINDOWS\Registration
2009-10-31 12:42:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-30 07:51:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-30 07:51:08 ----D---- C:\WINDOWS\PCHealth
2009-10-29 20:21:18 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-27 11:23:50 ----D---- C:\Documents and Settings\ehrich weiss\Application Data\AdobeUM
2009-10-26 15:31:17 ----D---- C:\WINDOWS\WinSxS
2009-10-26 15:31:17 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 catchme;catchme; \??\C:\DOCUME~1\EHRICH~1\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2002-07-02 50830]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-07-02 6030]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-07-02 70382]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S2 DeviceScanner;Compaq S200 Scanner; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO; C:\WINDOWS\System32\Drivers\BUSB2902.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-08-17 153631]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FINEPIX_PCC;FinePix Digital Camera 020717; C:\WINDOWS\System32\Drivers\V4CB011D.SYS [2002-05-07 81700]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\EHRICH~1\LOCALS~1\Temp\mbr.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\WINDOWS\System32\DRIVERS\MXOFX.SYS [2003-10-10 32640]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\System32\DRIVERS\mxopswd.sys [2004-08-09 14592]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-01 1251720]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 ServiceSB4;ServiceSB4; C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm

Re: Wrong website opens when I click on a link

Unread postby xixo_12 » November 24th, 2009, 5:39 pm

Hi,
I noticed you ran ComboFix again without my advice.
I did mention it.
ComboFix SHOULD NOT be used unless requested by a forum helper

If anything happens, I will not be responsible for it.

The system still has a few leftovers. I'm not finished with it.
Let's move.

First,
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:
Code:
Driver::
Automatic LiveUpdate Scheduler
Symantec Core LC
LiveUpdate
File::
c:\program files\NAV061200.exe
Folder::
C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec Shared
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=-

Save this as CFScript.txt, in the same location as ComboFix.exe
Image
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Analyze file(s).
Please visit Jotti.
Click on Browse > copy the link below (one by one) and paste it into the File name box > click Open:
c:\windows\SYSTEM32\decdfffdb0_r.dll

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Next,
No Antivirus.

Next,
RSIT.
Please run RSIT again to produce log.txt and info.txt.
***You can find the log manually at C:\rsit

Next,
Checklist.
Please post.
  • Content of ComboFix.txt
  • Result of the analysis
  • Content of log.txt and info.txt (Find both in c:\rsit)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
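
The following is an added example, not part of the original posts and not code from RSIT or ComboFix. It parses the RSIT driver/service lines posted earlier in this thread and flags the kind of leftovers the CFScript above targets. The sample lines are copied from that log; the function names, the flag names, the `symantec` keyword and the reading of an empty `[]` as "RSIT could not read the file's date and size" are assumptions.

```python
import re
from dataclasses import dataclass

# Start-type legend as printed in the RSIT section headers.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One entry: "<R|S><0-4> <name>;<display name>; <image path> [<date size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the RSIT log in this thread (drivers and services sections).
SAMPLE = r"""
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R3 catchme;catchme; \??\C:\DOCUME~1\EHRICH~1\LOCALS~1\Temp\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\EHRICH~1\LOCALS~1\Temp\mbr.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-01 1251720]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
"""


@dataclass
class Entry:
    running: bool       # R = running, S = stopped
    start_type: str     # Boot / System / Auto / Demand / Disabled
    name: str           # service or driver key name
    display: str        # display name
    path: str           # image path with any \??\ prefix removed
    has_metadata: bool  # False when the log shows empty brackets


def parse_rsit_entries(text):
    """Parse RSIT driver/service lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        if path.startswith("\\??\\"):  # NT object-manager prefix
            path = path[4:]
        entries.append(Entry(
            running=m["state"] == "R",
            start_type=START_TYPES[m["start"]],
            name=m["name"],
            display=m["display"],
            path=path,
            has_metadata=bool(m["meta"].strip()),
        ))
    return entries


def triage(entries, vendor_keywords):
    """Return {entry name: [flags]} for entries that deserve a manual look."""
    findings = {}
    for e in entries:
        flags = []
        if not e.has_metadata:
            # Assumption: empty [] means the file's date/size could not be read.
            flags.append("no-metadata")
        if "\\temp\\" in e.path.lower():
            flags.append("temp-path")  # image loads from a Temp directory
        haystack = " ".join((e.name, e.display, e.path)).lower()
        if any(k.lower() in haystack for k in vendor_keywords):
            flags.append("vendor-leftover")  # matches a removed product's name
        if flags:
            findings[e.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_rsit_entries(SAMPLE), ["symantec"]).items():
        print(f"{name}: {', '.join(flags)}")
```

The flags mark entries for manual review and are not a removal list. A keyword match alone also misses entries such as `symlcbrd`, which surfaces here only through its empty metadata.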

Re: Wrong website opens when I click on a link

Unread postby nesster » November 24th, 2009, 7:54 pm

Sorry - I thought you had asked me to run ComboFix again.

* Content of ComboFix.txt
ComboFix 09-11-23.02 - ehrich weiss 24.Nov.09 17:55.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.68 [GMT -5:00]
Running from: c:\documents and settings\ehrich weiss\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\ehrich weiss\Desktop\CFScript.txt

FILE ::
"c:\program files\NAV061200.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\SPManifests\eraser.grd
c:\program files\Common Files\Symantec Shared\SPManifests\eraser.sig
c:\program files\Common Files\Symantec Shared\SPManifests\eraser.spm
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.grd
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.sig
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.spm
c:\program files\Common Files\Symantec Shared\SymProbe.exe
c:\program files\Common Files\Symantec Shared\tgctlsi.dll
c:\program files\Common Files\Symantec Shared\tgctlsr.dll
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\vscanmsx.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080809.002\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080814.003\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp44ab.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4a6c.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5704.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5755.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6953.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp6956.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a1.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69a4.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\eraser.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp69f8.tmp\VIRSCAN3.DAT

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AUTOMATIC_LIVEUPDATE_SCHEDULER
-------\Legacy_LIVEUPDATE
-------\Legacy_SYMANTEC_CORE_LC
-------\Service_Automatic LiveUpdate Scheduler
-------\Service_LiveUpdate
-------\Service_Symantec Core LC
-------\Legacy_eeCtrl
-------\Service_eeCtrl


((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-20 02:37 . 2009-11-20 02:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-18 16:36 . 2009-11-18 16:36 -------- d-----w- c:\program files\ERUNT
2009-11-17 01:55 . 2009-11-17 01:56 -------- d-----w- C:\rsit
2009-11-06 14:07 . 2009-11-06 14:07 -------- d-----w- c:\program files\iPod
2009-11-06 13:59 . 2009-11-06 13:59 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 15:12 . 2009-11-03 15:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-02 13:31 . 2009-11-02 13:31 -------- d-----w- c:\program files\Trend Micro
2009-11-01 14:04 . 2009-11-06 20:40 0 ----a-w- c:\documents and settings\ehrich weiss\Local Settings\Application Data\prvlcl.dat
2009-10-31 17:43 . 2009-10-31 17:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-29 23:15 . 2009-10-29 23:15 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\SUPERAntiSpyware.com
2009-10-26 20:32 . 2009-10-26 20:32 -------- d-----w- c:\program files\AVG
2009-10-26 19:26 . 2009-10-26 19:26 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 02:41 . 2008-09-10 15:23 -------- d-----w- c:\program files\Safari
2009-11-17 01:50 . 2006-02-17 00:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 01:48 . 2006-02-17 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 14:08 . 2006-09-14 04:04 -------- d-----w- c:\program files\iTunes
2009-11-06 14:07 . 2008-02-17 20:46 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 15:12 . 2003-12-13 01:39 -------- d-----w- c:\program files\Common Files\Real
2009-11-03 15:10 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-03 15:10 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-03 15:10 . 2003-12-13 01:39 -------- d-----w- c:\program files\Real
2009-10-30 01:21 . 2009-10-19 01:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-27 16:23 . 2004-01-05 20:58 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\AdobeUM
2009-10-19 01:40 . 2009-10-19 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 16:48 . 2009-10-17 16:48 65716 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-17 16:37 . 2008-08-09 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 16:37 . 2009-10-17 16:37 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-13 21:22 . 2009-09-23 13:33 -------- d-----w- c:\program files\iPod(3)
2009-10-13 21:21 . 2007-09-02 21:28 -------- d-----w- c:\documents and settings\ehrich weiss\Application Data\uTorrent
2009-09-16 14:01 . 2009-09-16 14:01 75080 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe
2009-09-10 18:54 . 2008-08-09 21:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-09 21:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 23:42 . 2008-09-10 15:16 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-02-17 20:46 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-02-17 19:10 . 2008-02-17 19:10 23 -csh--w- c:\windows\SYSTEM32\decdfffdb0_r.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-18_17.19.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 02:39 . 2009-11-20 02:39 796672 c:\windows\Installer\726def0.msi
+ 2009-11-20 02:40 . 2009-11-20 02:40 307200 c:\windows\Installer\{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}\SafariIco.exe
+ 2009-11-20 02:40 . 2009-11-20 02:40 2449408 c:\windows\Installer\726df40.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 ServiceSB4;ServiceSB4;c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe --> c:\program files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys --> c:\windows\system32\Drivers\BUSB2902.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: healthnet.com\ct-raxnf
Trusted Zone: theknot.com\www
DPF: Microsoft XML Parser for Java
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://duanereade.storefront.com/images ... oad1_4.CAB
FF - ProfilePath - c:\documents and settings\ehrich weiss\Application Data\Mozilla\Firefox\Profiles\65sro5e2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\ehrich weiss\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.DLL
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 18:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-11-24 18:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 23:29
ComboFix2.txt 2009-11-24 02:51
ComboFix3.txt 2009-11-20 10:15
ComboFix4.txt 2009-11-18 17:35

Pre-Run: 56,463,511,552 bytes free
Post-Run: 56,289,533,952 bytes free

- - End Of File - - 5F4A039BC8BFD8196A14162C12D424CA

* Result of analyze
This file could not be found at this path:
c:\windows\SYSTEM32\decdfffdb0_r.dll

I did a search on my c: drive for "decdfffdb0_r.dll" but it did not come up so I could not submit it to Jotti.

* Content of log.txt and info.txt (Find both in c:\rsit)
I have to attach the log.txt and info.txt because I've used the maximum number of characters for this post. The info.txt is from 11/16/09. It did not create a new one when I just re-ran the program.
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm

Re: Wrong website opens when I click on a link

Unread postby xixo_12 » November 25th, 2009, 8:32 am

Hi,

First,
Discussion.
I can't see any active antivirus. Did you skip the instruction quoted below?
If yes, please do so now.
Next,
No Antivirus!


Next,
Enable show hidden folder/files.
  • Click on Start.
  • Open My Computer.
  • Select the Tools menu and click on Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading select on Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Next,
Analyze file(s).
Please visit Jotti.
Click on Browse > copy the link below (one by one) and paste it into the File name box > click Open:
c:\windows\SYSTEM32\decdfffdb0_r.dll

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Next,
***Optional Fix in red colour - Please fix it if you do not recognize this entry
Fix entries.
  • Run the HiJack This.
  • Click on Do a system scan only button.
  • Search for the entries below and tick the small box.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {C6D25826-96AE-462F-A852-BB33B882B723} (SFImageUpload1_4.ImageUpload) -http://duanereade.storefront.com/images ... oad1_4.CAB
    O24 - Desktop Component 0: (no name) -http://65.110.81.33/images/FE/chain128s ...op_hed.gif
  • Close any other program and leave HiJackThis program alone.
  • Click Fix checked.

Next,
Reboot.

Next,
Uninstall List.
  • Run the HiJack This.
  • Click on Open the Misc Tools section button.
  • Click on Misc Tools tab.
  • Under the System tools, click on Open Uninstall Manager button.
  • Find the Save list… button and save to the Desktop
  • Copy the content and paste the uninstall list here.

Next,
Checklist.
Please post.
  • Result of analyze.
  • Content of uninstall list.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Wrong website opens when I click on a link

Unread postby nesster » November 25th, 2009, 11:47 am

Hello again,

1. I have installed AntiVir

2. Jotti link is:
http://virusscan.jotti.org/en-gb/scanre ... 1cb41bbae7

3. Uninstall list is:
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AusLogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
Bonjour
CCleaner
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
iTunes
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB954430)
QuickTime
Safari
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Windows XP Service Pack 3
Yahoo! Messenger
nesster
Active Member
 
Posts: 12
Joined: November 10th, 2009, 4:47 pm