
W32.Station@mm & Symantec


Name: VicV
Date: January 19, 2007 at 13:51:01 Pacific
OS: XP Professional Service P
CPU/Ram: Xeon dual CPU 3.00 GHz 3.
Product: Home Built
Comment:

I have a problem with W32.Station@mm being found on my machine 5-10 times per day by Symantec. I have tried many methods to remove the virus (safe mode scans and other products to clean out my machine). The infestation seems to be in my temporary files, and it comes back no matter what I do. Any help would be appreciated. I have my HijackThis log file if that would help.




Response Number 1
Name: jabuck
Date: January 19, 2007 at 14:04:13 Pacific
Reply:

Please post your HijackThis log.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


0

Response Number 2
Name: VicV
Date: January 19, 2007 at 14:17:36 Pacific
Reply:

The following is what I got in the report file.

SmitFraudFix v2.132

Scan done at 16:29:22.16, Fri 01/19/2007
Run from C:\Documents and Settings\Vic.NPI\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vic.NPI


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vic.NPI\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Vic.NPI\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.animation-station.com/smileys/images/Crash.gif"
"SubscribedURL"="http://www.animation-station.com/smileys/images/Crash.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



0

Response Number 3
Name: VicV
Date: January 19, 2007 at 14:19:46 Pacific
Reply:

I also ran HijackThis; below is the report, if that would be of use.

Logfile of HijackThis v1.99.1
Scan saved at 11:49:17 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3ware\3dm2\3dm2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\XIMETA\NetDisk\LDServ.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERMICRO\SDIII\NTService.exe
C:\WINDOWS\system32\SD3Service.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\MXOALDR.exe
C:\WINDOWS\system32\LVCOMSX.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\SOUNDMAN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LAN Chat Enterprise\LANChat_En.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\XIMETA\NetDisk\Admin.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.10/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PrintPunk Activate Toolbar - {D408001A-E1C0-4FA9-B256-D6CDF2754E7D} - C:\Program Files\PrintPunk\PrintPunk.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {63AB4C54-3310-44c9-85D8-AA92C2263D58} - (no file)
O3 - Toolbar: PrintPunk - {C6429812-4127-47C6-88BA-EF79B6735132} - C:\Program Files\PrintPunk\PrintPunk.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LAN Chat E n t e r p r i s e.lnk = C:\Program Files\LAN Chat Enterprise\LANChat_En.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: NetDisk Administrator.lnk = C:\Program Files\XIMETA\NetDisk\Admin.exe
O4 - Global Startup: Supero Doctor III Client.lnk = C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PrintPunk Print to Fit - file://C:\Program Files\PrintPunk\\PrintPunkPrintToFit.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PrintPunk - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra 'Tools' menuitem: PrintPunk Toolbar - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.gotomypc.com
O15 - Trusted Zone: http://www.neubauer-perkins.com
O15 - Trusted Zone: http://www.or-live.com
O15 - Trusted Zone: http://www.smith-nephew.com
O15 - Trusted Zone: http://www.smithnephew.com
O15 - Trusted IP range: 192.168.1.10
O15 - Trusted IP range: http://63.167.185.4
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTestClient) - http://gamer.ubicom.com/benchmarks/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {90B9A024-86FB-4A34-A79E-1007DBA64049} (RNDCInstall Class) - http://www.raindance.com/rndc/webin...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://news.beograd.com/AxisCamCont...
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - https://mercuryqc.smithnephew.com/qcbin/Spider90.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://opscenter.smithnephew.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/m...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://zilliant.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NPI.local
O17 - HKLM\Software\..\Telephony: DomainName = NPI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NPI.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NPI.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: 3DM2 - Unknown owner - C:\Program Files\3ware\3dm2\3dm2.exe
O23 - Service: AdaptecStorageManagerAgent - Adaptec Incorporated - C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LANSCSI Helper Service (LanScsiHelper) - XIMETA, Inc. - C:\Program Files\XIMETA\NetDisk\LDServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Symantec Corporation - (no file)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\NTService.exe
O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\WINDOWS\system32\SD3Service.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TridiaVNC Server (winvnc) - Unknown owner - C:\WINDOWS\system32\WinVNC.exe" -service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe



0

Response Number 4
Name: jabuck
Date: January 19, 2007 at 15:06:14 Pacific
Reply:

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running; it may cause your system to hang.)

Please post the combofix.txt log.


0

Response Number 5
Name: VicV
Date: January 19, 2007 at 15:35:43 Pacific
Reply:

OK ComboFix.txt follows

"vic" - 07-01-19 17:37:07 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Vic.NPI\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\s.exe
C:\WINDOWS\Downloaded Program Files\rndcctrl


((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


2007-01-19 16:29 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-19 16:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-19 16:29 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-19 16:29 4,720 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-19 16:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-19 16:28 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-19 16:28 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-19 11:48 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-18 16:48 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-01-18 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\ZILLAbar
2007-01-18 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\STOPzilla!
2007-01-18 16:22 42,544 --a------ C:\WINDOWS\system32\gotomon.dll
2007-01-12 09:24 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 16:44 <DIR> d-------- C:\Program Files\Security Task Manager
2007-01-10 16:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SecTaskMan
2007-01-08 13:15 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-08 13:14 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-01-08 13:14 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-01-08 13:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-01-08 13:14 <DIR> d-------- C:\DOCUME~1\Vic.NPI\Application Data\PC Tools
2007-01-05 17:17 <DIR> d-------- C:\BHR
2006-12-29 09:31 <DIR> d-------- C:\Program Files\Realtek AC97
2006-12-28 17:05 <DIR> d-------- C:\Program Files\Registry Clean Expert
2006-12-28 14:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-28 14:21 <DIR> d-------- C:\Program Files\NoAdware5.0
2006-12-28 14:15 <DIR> d-------- C:\DOCUME~1\Vic.NPI\.housecall6.6
2006-12-28 14:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-27 12:17 <DIR> d-------- C:\DOCUME~1\Vic.NPI\Application Data\Prevx
2006-12-27 12:16 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2006-12-27 12:16 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2006-12-27 12:16 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2006-12-27 12:16 274,688 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2006-12-27 12:16 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2006-12-27 12:16 13,952 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
2006-12-27 12:16 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-12-27 12:16 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2006-12-27 12:16 <DIR> d-------- C:\Program Files\Prevx1
2006-12-27 12:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Prevx
2006-12-25 23:42 <DIR> d-------- C:\WINDOWS\Sun
2006-12-25 23:42 <DIR> d-------- C:\DOCUME~1\Vic.NPI\Application Data\Sun
2006-12-25 23:39 <DIR> d-------- C:\Program Files\Java
2006-12-25 23:38 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-22 15:14 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-12-22 15:13 <DIR> d-------- C:\Program Files\Real
2006-12-22 15:13 <DIR> d-------- C:\Program Files\Common Files\Real
2006-12-22 15:12 <DIR> d-------- C:\DOCUME~1\Vic.NPI\Application Data\Real
2006-12-22 15:02 <DIR> d-------- C:\Program Files\Mozilla Firefox


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-19 14:03 -------- d-------- C:\DOCUME~1\Vic.NPI\Application Data\gdsattachmentindexes
2007-01-19 08:38 -------- d-------- C:\Program Files\logmein
2007-01-18 16:59 -------- d-------- C:\Program Files\symantec antivirus
2007-01-18 13:56 -------- d-------- C:\DOCUME~1\Vic.NPI\Application Data\adobeum
2007-01-18 12:55 -------- d-------- C:\DOCUME~1\Vic.NPI\Application Data\officeupdate12
2007-01-16 15:57 -------- d-------- C:\DOCUME~1\Vic.NPI\Application Data\dvdcss
2007-01-15 23:59 -------- d-------- C:\Program Files\windows defender
2007-01-15 23:55 -------- d-------- C:\Program Files\printpunk
2007-01-15 23:40 -------- d-------- C:\Program Files\lan chat enterprise
2007-01-15 23:32 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-10 11:56 -------- d-------- C:\Program Files\dvdfab decrypter 3
2007-01-01 21:55 7213006 --a------ C:\Program Files\tvu player.zip
2006-12-28 15:14 -------- d-------- C:\Program Files\Common Files\frsys
2006-12-28 13:09 -------- d-------- C:\Program Files\futureca antivirus outlook
2006-12-27 22:31 -------- d---s---- C:\DOCUME~1\Vic.NPI\Application Data\microsoft
2006-12-22 15:02 -------- d-------- C:\DOCUME~1\Vic.NPI\Application Data\mozilla
2006-12-15 14:18 -------- d-------- C:\DOCUME~1\Vic.NPI\Application Data\roxio
2006-12-11 13:40 -------- d-------- C:\Program Files\package tracker
2006-12-05 12:57 -------- d-------- C:\Program Files\windows media connect 2
2006-12-05 12:06 -------- d-------- C:\Program Files\symantec
2006-12-01 17:08 -------- d-------- C:\Program Files\google
2006-11-29 15:36 64416 --a------ C:\DOCUME~1\Vic.NPI\Application Data\gdsattachmentindex.xml
2006-11-23 17:11 4025088 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2006-11-22 10:56 -------- d-------- C:\DOCUME~1\Vic.NPI\Application Data\divx
2006-11-22 10:52 -------- d-------- C:\Program Files\divx
2006-11-21 14:42 -------- d-------- C:\Program Files\isotope244 graphics
2006-11-17 16:45 58188 --a------ C:\DOCUME~1\Vic.NPI\Application Data\gdsattachmentsearchresultfoldersindex.xml
2006-11-17 05:42 577536 --a------ C:\WINDOWS\soundman.exe
2006-11-13 00:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 00:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 00:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-13 00:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 15:00 184897 --a------ C:\WINDOWS\system32\atasnt40.dll
2006-11-07 02:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\rmactivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\rmactivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\secproc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\secproc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\rmactivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\rmactivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"RegClean Expert Scheduler"="\"C:\\Program Files\\Registry Clean Expert\\RCHelper.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Utility"="Logi_MwX.Exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"MaxtorOneTouch"="C:\\Program Files\\Maxtor\\OneTouch\\utils\\Onetouch.exe"
"MXOBG"="C:\\WINDOWS\\MXOALDR.exe"
"RetroExpress"="C:\\PROGRA~1\\Dantz\\RETROS~1\\RetroExpress.exe /h"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogMeIn GUI"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Drag to Disc\\DrgToDsc.exe\""
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"SoundMan"="SOUNDMAN.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"GoToMyPC"="C:\\Program Files\\Citrix\\GoToMyPC\\g2svc.exe -logon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.animation-station.com/sm...

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-19 17:44:03





Response Number 6
Name: jabuck
Date: January 19, 2007 at 19:33:00 Pacific
Reply:

Temporarily disable any of the following anti-spyware realtime protection programs that you may have, or anything we try to remove will get reinstalled. Disable Realtime Protection

Do you know what these items are?

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.10/

O15 - Trusted Zone: http://www.gotomypc.com

O15 - Trusted Zone: http://www.neubauer-perkins.com

O15 - Trusted Zone: http://www.or-live.com

O15 - Trusted Zone: http://www.smith-nephew.com

O15 - Trusted Zone: http://www.smithnephew.com

O15 - Trusted IP range: 192.168.1.10

O15 - Trusted IP range: http://63.167.185.4

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG-Antispyware report and a new Combofix log please.



Response Number 7
Name: VicV
Date: January 22, 2007 at 10:01:54 Pacific
Reply:

Yes, I know what each one of the trusted IPs or host names is, and they are all legit. I ran the ATF cleaner in safe mode and AVG; the log file follows.


AVG Anti-Spyware - Scan Report


+ Created at: 12:02:33 PM 1/22/2007

+ Scan result:

C:\Program Files\LogMeIn\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : No action taken.
C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : No action taken.
C:\Program Files\LogMeIn\update\2-30-555.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : No action taken.
C:\WINDOWS\system32\LMIinit.dll.000.bak -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : No action taken.
:mozilla.6:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.7:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.10:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.11:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.127:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.12:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.13:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.14:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.15:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.190:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.8:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.9:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.32:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.33:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.43:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.44:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.45:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.222:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.223:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.224:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.225:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.226:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.227:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.147:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.151:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.27:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.28:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.29:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.30:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.153:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
:mozilla.154:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
:mozilla.155:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.196:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.197:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.198:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.36:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.207:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.208:C:\Documents and Settings\Vic.NPI\Application Data\Mozilla\Firefox\Profiles\000rwkp8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.


::Report end




Response Number 8
Name: jabuck
Date: January 22, 2007 at 19:10:54 Pacific
Reply:

The scan was not set to quarantine and must be set that way to remove the baddies.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

Please run the scan again and post the results. Then post a new Combofix log.



Response Number 9
Name: VicV
Date: January 22, 2007 at 20:37:06 Pacific
Reply:

First, thank you for all the help and advice. I will do as you suggest tomorrow. I hope this also might be of some use: Symantec keeps reporting one type of infestation, and it always seems to be in a temp file. I took the liberty of posting part of my log. I don't know what VPMECTMP belongs to, since if I do a search of my system it doesn't show up.

Risk history snip

Risk Action Count Filename Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Reboot Processing 2 Unavailable Non-Viral Malicious Unavailable VIC-MASTER-BOX NPI\Vic Infected Unavailable Delete Leave alone (log only) Reboot Processing Performing Post-Reboot Risk Processing.
W32.Stration@mm Cleaned by deletion 2 MEC5021.bat File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Reboot Required - Cleaned by deletion 3 MEC5017.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Reboot Required - Clean security risk Reboot Required - Quarantine Auto-Protect scan
W32.Stration@mm Reboot Processing 2 Unavailable Non-Viral Malicious Unavailable VIC-MASTER-BOX NPI\Vic Infected Unavailable Delete Leave alone (log only) Reboot Processing Performing Post-Reboot Risk Processing.
W32.Stration@mm Cleaned by deletion 2 MEC4987.bat File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Reboot Required - Cleaned by deletion 3 MEC4983.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Reboot Required - Clean security risk Reboot Required - Quarantine Auto-Protect scan
W32.Stration@mm Reboot Processing 2 Unavailable Non-Viral Malicious Unavailable VIC-MASTER-BOX NPI\Vic Infected Unavailable Delete Leave alone (log only) Reboot Processing Performing Post-Reboot Risk Processing.
W32.Stration@mm Cleaned by deletion 2 MEC52365.bat File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC52361.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC38045.bat File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC38041.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC21933.bat File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC21929.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC30929.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC26547.bat File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC26543.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Cleaned by deletion 2 MEC4881.bat File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Clean security risk Quarantine Auto-Protect scan
W32.Stration@mm Reboot Required - Cleaned by deletion 3 MEC4877.exe File C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ VIC-MASTER-BOX NPI\vic Infected C:\Documents and Settings\Vic.NPI\Local Settings\Temp\VPMECTMP\ Reboot Required - Clean security risk Reboot Required - Quarantine Auto-Protect scan
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.
W32.Stration@mm Cleaned 1 ?????? File ?????? VIC-MASTER-BOX NPI\ Cleaned ?????? Clean security risk Quarantine Auto-Protect scan The file was repaired successfully.



