Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HijackThis log

Unread postby krforrester » April 30th, 2006, 2:31 pm

I had received your assistance in the past but I was delayed in finishing so had to start over. My computer is acting slow and also has been freezing up fairly regularly. Here is my log and thanks in advance for any assistance:

Logfile of HijackThis v1.99.1
Scan saved at 10:29:17 AM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PasswdMon] KeywordFinder.exe
O4 - HKLM\..\Run: [Bogobot] dialer423.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - HKCU\..\Run: [killall] NopeZ.exe
O4 - HKCU\..\Run: [SpyElim] Preliminary.exe
O4 - HKCU\..\Run: [defect08] progmen.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm
Advertisement
Register to Remove

Unread postby 'KotaGuy » April 30th, 2006, 3:48 pm

Hi krforrester!

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/l ... areout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O4 - HKLM\..\Run: [PasswdMon] KeywordFinder.exe
O4 - HKLM\..\Run: [Bogobot] dialer423.exe
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - HKCU\..\Run: [killall] NopeZ.exe
O4 - HKCU\..\Run: [SpyElim] Preliminary.exe
O4 - HKCU\..\Run: [defect08] progmen.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180


Click FIX CHECKED. Close HijackThis.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby krforrester » April 30th, 2006, 7:53 pm

Here is my latest logs you requested. I am trying to do this as quickly as possible before I crash again (I think I am having video card problems - I have a fairly new ATI X800 XL).

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 3:50:23 PM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - HKCU\..\Run: [killall] NopeZ.exe
O4 - HKCU\..\Run: [SpyElim] Preliminary.exe
O4 - HKCU\..\Run: [defect08] progmen.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Fixwareout:


Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby 'KotaGuy » April 30th, 2006, 11:48 pm

Hmm... something went wonky...

Lets try it again... little different this time though.

Print this out for reference during the fix as you won't be able to go online.

Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Run WareOutFix again. When your computer reboots go back into Safe Mode.

Close all open windows and run HJT. Place a check beside the following and fix:

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O4 - HKLM\..\Run: [PasswdMon] KeywordFinder.exe
O4 - HKLM\..\Run: [Bogobot] dialer423.exe
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - HKCU\..\Run: [killall] NopeZ.exe
O4 - HKCU\..\Run: [SpyElim] Preliminary.exe
O4 - HKCU\..\Run: [defect08] progmen.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)


Make sure no files are hidden. To do this:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Search for and delete this file:

C:\WINDOWS\System32\secupd.exe

Click the Windows Key+F. Click All files and folders. Click More Advanced Options. Make sure the first three boxes are checked. Search for and delete these files:

KeywordFinder.exe
dialer423.exe
Serviceprocess.exe
browsebar.exe
DTOURS.exe
NopeZ.exe
Preliminary.exe
progmen.exe


You will need to search for those one at a time.

Once done reboot and post the report.txt file and a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby krforrester » May 1st, 2006, 11:03 am

I followed all of you instructions. However, when doing the search for the files, none of them were found. Here are the new logs:

Fixwareout:

Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:40 AM, on 5/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - HKCU\..\Run: [killall] NopeZ.exe
O4 - HKCU\..\Run: [SpyElim] Preliminary.exe
O4 - HKCU\..\Run: [defect08] progmen.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby 'KotaGuy » May 1st, 2006, 12:01 pm

Thanks for posting the log!

OK.. if you cant find the files then its should be only the reg entries we need to get rid of.

Please disable TrojanHunter Guard as it may interfere with the fix. To disable TrojanHunter Guard:
  • Right click the System Tray icon and select Settings.
  • Uncheck "Load at startup".
  • Uncheck "Enabled".

Once your log is clean you can re-enable TrojanHunterGuard.

Could you diasble A2's guard as well please... sorry I don't have instructions for that one but it should be fairly similar to TrojanHunter.

Run and scan with HiajckThis, with all browsers and windows closed, place a check beside the following and fix:

O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - HKCU\..\Run: [killall] NopeZ.exe
O4 - HKCU\..\Run: [SpyElim] Preliminary.exe
O4 - HKCU\..\Run: [defect08] progmen.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180


After you have fixed those run HJT again... press the Misc Tools button... then the Delete an NT Service button. In the text field type in Windows Security Update and click OK.

Reboot and post a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby krforrester » May 1st, 2006, 9:48 pm

I followed your instructions but was not able to complete the following since HJT would not let me:

After you have fixed those run HJT again... press the Misc Tools button... then the Delete an NT Service button. In the text field type in Windows Security Update and click OK

Here is the new HJT log but I see the stuff I "fixed" with HJT are still there:

Logfile of HijackThis v1.99.1
Scan saved at 5:45:15 PM, on 5/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - HKCU\..\Run: [killall] NopeZ.exe
O4 - HKCU\..\Run: [SpyElim] Preliminary.exe
O4 - HKCU\..\Run: [defect08] progmen.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.116.132,85.255.112.180
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby 'KotaGuy » May 2nd, 2006, 12:07 am

Thanks for posting the log.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Copy/paste the following quote box into a new notepad (not wordpad) document.

regedit /e %systemdrive%\regkey.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt


Save it to your Desktop as regkey.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name:regkey.bat

Locate regkey.bat on your Desktop and double-click it.
When notepad opens, copy/paste the content in your reply.
When you close Notepad the CMD window will close automatically and the text file will be deleted so copy/paste that info into your reply before closing the notepad window.

Thanks!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby krforrester » May 2nd, 2006, 12:38 am

Hmm, I can't download Kapersky. When I click on the "Accept" button, nothing happens. Maybe there is a temporary website problem. I will keep trying.
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby 'KotaGuy » May 2nd, 2006, 12:51 pm

Let me know if you can the KAV scan to work.. if not we'll try another.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby krforrester » May 2nd, 2006, 2:47 pm

I got it to work once I tried it with Explorer, so perhaps it was a Firefox issue. I will post the results when I get home from work. Thanks for the help and follow up.
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby krforrester » May 2nd, 2006, 9:07 pm

Here is the Kapersky log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 02, 2006 5:03:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 2/05/2006
Kaspersky Anti-Virus database records: 191052
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 106044
Number of viruses found: 34
Number of infected objects: 685
Number of suspicious objects: 131
Duration of the scan process: 01:18:48

Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton AntiVirus\Quarantine\00553271.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\00675C7E Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\00966F17.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\00CA406D.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\01501921.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\015632E9.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01D92BB3.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\020E7D0A.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\029304E7.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\034D5E1A.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\037B29E7.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\03C04D2C.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\03D77313.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\041E5D34.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\04AD1C06 Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\04C91609.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\052103A8.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\05217F42.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\053B5278 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\058D6D31.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\05DD60F2.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\05E7774B.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\05FE7923.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06081067 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\064E73DF.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\06C62BD8.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\070323AE.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\08005370 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\083A2CAF.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\08BD6DAF.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\08CD0E0D.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\08D03809.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\09073986.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\091B34DB Infected: Trojan.Java.ClassLoader.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AAD29FD.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AEE71B5.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B683B3C Infected: Trojan-Dropper.Java.Beyond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C045D79 Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CF12405.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D2E6C4C Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D454EF9.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0DC2269A Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E0C0CBB.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EB73D44 Infected: Trojan-Dropper.Java.Beyond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\105C4D71 Infected: Trojan-Dropper.Java.Beyond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\10884A49.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\115A16F5.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\11AF5A98.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\11B35772.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\11BC5568.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\11CD2756.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\11DD2951.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\12147028.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\121F7F8B.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\12204676.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\127C664B.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\12C02CAA.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\12C456A6.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\12C456A6.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\14182CCF.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\14D91188.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\15350FA2.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/BlackBox.class Infected: Trojan.Java.ClassLoader.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\15427B84 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\15E508CD.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\168211DE.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\171B617F.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\171D4971 Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1720736D CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17264766 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\173C33B6.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\17C9411B.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\183854A1.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\183B7E59.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CC47178.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CD54366.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1D1D20E2.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1D79387D.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1D96325D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1DB45A98.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1DF84DF6 Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E1941CD.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E236E1D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E2C3DB8.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/Beyond.class Infected: Trojan.Java.StartPage.o skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/BlackBox.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EFD4098.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F285EA3.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F59546D.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F83763E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F8B3D70.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FAA6E13.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\200379EB.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\20147FB7.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\2086197D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\210A773C Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\21257472.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\21333768 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\21AB121C.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\22094734 Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\232C2EDE.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\23355D46 Infected: Trojan-Dropper.Java.Beyond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\23445C79.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\23830892.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\23946E6B.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\23A26FB6.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\23AF17A7.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\23D510F9.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\24C8318D.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\250E18D3.htm Infected: Trojan-Downloader.JS.Inor.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\251839F9 Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\256D5DAA.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\25AC39CD Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\25E33616.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\25E66012.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\264039A1 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\268D3CB3.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\268D3CB3.htm Infected: Exploit.VBS.Phel.y skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D43975 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\270A2465.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\27566FA1.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\28255D07.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\283858F2.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\28C06270.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\28D53845.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\29456D81.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\29613211.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\29806141.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\29F94794.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A085907.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A6B303E.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A81346F.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A825625.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A975A56.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AA37A01.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B760161.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B882360.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2BC4710B.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C215AC7.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C27532E.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C27532E.htm Infected: Trojan-Downloader.JS.Inor.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C6218BB.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C672BCA Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C7438AF.htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C840A9D.htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C955C8B.htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CA60A70.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CA85875.htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CAA629E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D2163C8.htm Infected: Trojan-Downloader.VBS.Small.s skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D2245E7.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D8561CF Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D877959.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DF27CA4.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E553096.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E587873.htm Infected: Trojan-Downloader.VBS.Small.s skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E781C4F.htm Infected: Trojan-Downloader.VBS.Small.s skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E862660.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2ED023B0.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EEE1D90.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F305BD6.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2FA876C3.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2FDA631C.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2FE36E63 Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\301556DB.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30534665.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30624FF6.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\308373D2.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30901BC4.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30B03FA0.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30CE397F.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\313F5E6C.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\315472EC.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\316709AB.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\31836F28.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\320D237A Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\32191272.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\323B044D CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3300566B.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\34591490.exe Infected: Backdoor.Win32.Agent.rw skipped
C:\Program Files\Norton AntiVirus\Quarantine\348E5721.exe Infected: Trojan-Clicker.Win32.Small.kg skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\352B7DD4.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\35891CD7 Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\361536D4.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\367C2BCF.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\36AA6FB5.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\36E24880 Infected: Trojan-Downloader.Win32.Small.ii skipped
C:\Program Files\Norton AntiVirus\Quarantine\370D0B8D Infected: Trojan.Java.ClassLoader.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\37190B22.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\39120067.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\39E216A5.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\3AC1268C.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3BCB5A02.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3BDF2C74.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\3C3519FF Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DB9035C.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DE414AD.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DE414AD.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DFD7510.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E001F0D.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E2641AF.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E5F60A4.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E807590.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\3EDB6404.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F0B742A.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F867B48 Infected: Trojan-Downloader.Win32.Small.ii skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F884D5D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F9C3A58.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FA6473D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\402F27EF.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\40D507EF.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\42387570 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\438A4CF5.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\43B53F90.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\43E652A1.exe Infected: Trojan-Downloader.Win32.Small.bgv skipped
C:\Program Files\Norton AntiVirus\Quarantine\45214069.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\45321257.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\454C623A.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\455F5E24.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\45DB199C.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\46F95A57 Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\48CB5FC0.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\48D807B2.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\49181388.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\49383764.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\493C6161.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4945012B.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\49471AA4.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\49756672.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\498962F0.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A230615.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\4BD03677.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4BD30D43.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C260614.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C332E05.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C5127E5.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DAB05D0.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DC8316F Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DEF7784.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E784E22.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E79684C Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E815181.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F9C2E2B.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4FC6068E.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\4FDD1F98.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\50414995.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\50D14B65.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\512975F7.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\51371E90.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\515E15BD.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\518A720D.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\518D1C09.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\51D71848.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\51F41228.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\523C129C.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5263349E.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\52690897.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\52C1370A.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\52CE5EFB.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\537E3A39.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\54744658.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\554245C4.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\5630057F.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\57123451 Infected: Trojan.Win32.Small.bm skipped
C:\Program Files\Norton AntiVirus\Quarantine\576D7D13.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\57767B08.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\57E63AAE.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\58144B6B.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\58BA0F45.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\58BA0F45.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\58D73217.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\590554F3.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\590554F3.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\591C7ADA.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\592621C1.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/BlackBox.class Infected: Trojan.Java.ClassLoader.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\59356298.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\59642186.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\59B65923.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\59C67B50.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\59C9254C.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\59DD50F8.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A490AC0.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A490AC0.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A9B7B82.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AA20E84.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AAE2051.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AAE2051.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AB9346B.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5ACA0A32.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5ACB1A30.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5ACF442D.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AE478C5.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B1666AC.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B442BAB.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B442BAB.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B687984.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B6B2380.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B6B2380.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BB01C04.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BB01C04.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BB6692E.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BB6692E.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BD13911.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BD4630D.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BFE04DE.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5C022EDB.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5C2F2DB0.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\5C364EA1.htm Infected: Trojan-Downloader.JS.Weis.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\5C876F16.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CD505B3.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5D4E192E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5DCC4E9A.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\5DE360F0.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5DE52488.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E2E30C9.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\5F5A3D53.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5FE239C4.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\60206984 Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\60B20DA1.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\60C5454A.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\610D0D75.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\614F4983.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\61517F29.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\61861EF0.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61AA741A.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\61CD3AA1.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\61E80A84.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\61ED7819.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\62504A11.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\62571260.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\626D43F1.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\626E3846.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\62855E2D.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\62892F30 Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\629F2E11.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\62AF0BA9.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\62FA5B82.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\63077948.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\63247327.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\634F14F9.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\635231D5.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\63760CCE.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\63B848DC.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\644628CA.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\647F488A.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\64974270.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\64B91CF0.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\64CB69CE Infected: Trojan.Java.ClassLoader.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\64CD18DA.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\64D16230.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\65B56A55.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\65D26435.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\66141ECC.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\666F4388.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\667F1576.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\66A00CD8.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\66AD6144.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\66B308C3.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\66D949F4.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\66E23B54 Infected: Trojan.Java.ClassLoader.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\66E85503.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\66F245D8.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\671637F1.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\671F1EC6.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6720131C.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\676E014F.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\67746269.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\67915C48.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\679F1B5A.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\67A8022F.gif Infected: Exploit.HTML.Mht skip
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby krforrester » May 2nd, 2006, 9:10 pm

Kapersky cont.:

C:\Program Files\Norton AntiVirus\Quarantine\67AD46D2.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\68180895.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\684231DE Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\686A467B.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\68907AB6.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\68EF5BA7.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Program Files\Norton AntiVirus\Quarantine\69125ED7.htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
C:\Program Files\Norton AntiVirus\Quarantine\69547E59.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\696B243F.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\698F7218.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\699436BA.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\69B87DC4.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\69CC79AE.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\69D039D0.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A080393.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A1642A4.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A1F297A.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A2226FC.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A406476.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A494B4B.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A843360.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A8A1303.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6ADD6ACD.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6AE9549B.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B0D2273.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B3164A2.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B3B6E41.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B4E6A2C.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B5F3C1A.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B6C56EB.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B807716.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B895DEB.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B8A5241.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B8D1F07.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BD16DF2.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BDC0EB1.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BEC609F.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BFA0C17.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C205D9B.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C3D577B.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C547D62.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C5858EE.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C644F50.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C681C16.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C75213E.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C8C4725.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6CD20265.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\6CDA685E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6CE434C4.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6D08029C.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6D0B2C99.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DD77E0A.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6E195519.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6E307AFF.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6E717476 Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6EDE2B84.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6EFC3D41.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6EFC40C6.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F3A5AFC.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F7E40FC.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F957298.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FD63A50.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FD94D2C.gif Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FE13BCB.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7015580B.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\704F4BCB.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\70741D29.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\707B7122.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\70AA409C.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\70B50DD4.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\710723AD.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\713973A8.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\713C491B Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\723D3F6B.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\72423F64.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\72653740.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\728A5B15.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE28EE.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\72E41CB3.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\72F46EA1.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\72F6449F.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\732D1B82.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\73396056.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\73551D83.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\73826950.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\741220B2.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\744A776A.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\745A4958.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7464230C.wmf Suspicious: Exploit.Win32.IMG-WMF skipped
C:\Program Files\Norton AntiVirus\Quarantine\746A787B.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\74927050.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\74D030D6.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\74D35AD3.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\74D76D17.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\74E002C4.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\759A1D66.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\75B20564.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\75FD0594.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\761A5031.htm Infected: Trojan-Clicker.JS.Linker.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\76C448B0.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\77430B5A.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\77601B10.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\776501BF.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\77686445.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\776D4FF6.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\782B61EB.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\786970E1.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\78C73FC9.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\78F9108B.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\795058EB.htm Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\79B27482.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\79C67D60.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B004ACD.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B965628.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B965628.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B990024.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7BE42AE7.htm Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton AntiVirus\Quarantine\7C6A7F3E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7C6F1771 Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7C746249.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7C746249.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7CC6705C.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D522384.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D9A3FF0.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EA95CC6.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7ED45819.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/BlackBox.class Infected: Trojan.Java.ClassLoader.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482 ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482 Crypt.Quarantine: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F560E07.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F5E0E4E.htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F7407E7.htm Suspicious: Exploit.HTML.Mht skipped
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP275\A0026278.exe Infected: Trojan.Win32.Small.hl skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From pslraiderron <pslraiderron@msn.com>][Date Sun, 3 Aug 2003 17:05:44 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 1 skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ormick <ormick@phs.com>][Date Wed, 8 Oct 2003 06:20:54 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ormick <ormick@phs.com>][Date Wed, 8 Oct 2003 06:20:54 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From sjones <sjones@netcom-sys.com>][Date Sat, 11 Oct 2003 08:47:13 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From sjones <sjones@netcom-sys.com>][Date Sat, 11 Oct 2003 08:47:13 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From postmaster <postmaster@hotmail.com>][Date Fri, 17 Oct 2003 08:49:59 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From postmaster <postmaster@hotmail.com>][Date Fri, 17 Oct 2003 08:49:59 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ubuhjamvndiwjm <ubuhjamvndiwjm@owva.com>][Date Thu, 2 Oct 2003 01:40:56 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ubuhjamvndiwjm <ubuhjamvndiwjm@owva.com>][Date Thu, 2 Oct 2003 01:40:56 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From auto-confirm <auto-confirm@amazon.com>][Date Tue, 7 Oct 2003 09:16:25 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From auto-confirm <auto-confirm@amazon.com>][Date Tue, 7 Oct 2003 09:16:25 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: suspicious - 29 skipped
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP44\A0001358.exe Infected: Backdoor.Win32.Divux.b skipped
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP76\A0006486.Exe Infected: Backdoor.Win32.Divux.b skipped
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP87\A0007572.exe Infected: Trojan-Clicker.Win32.Axec skipped
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP92\A0008588.Exe Infected: Backdoor.Win32.Divux.b skipped

Scan process completed.
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby krforrester » May 2nd, 2006, 9:11 pm

Here is the regkey.bat:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"=""
"MtdAcq"="C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.EXE /s"
@=" /s"
"ATI DeviceDetect"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"ATI Launchpad"=""
"keybdll"="Serviceprocess.exe"
"MNTP"="browsebar.exe"
"SysEntry"="DTOURS.exe"
"killall"="NopeZ.exe"
"SpyElim"="Preliminary.exe"
"defect08"="progmen.exe"
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby 'KotaGuy » May 2nd, 2006, 9:48 pm

Thanks for posting the logs.

Copy/paste the following into a new notepad document.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"=-
"keybdll"=-
"MNTP"=-
"SysEntry"=-
"killall"=-
"SpyElim"=-
"defect08"=-



Save it to your desktop as fixme.reg. Save it as File Type All Files(not as a text document or it wont work). Double click fixme.reg and answer yes when asked to merge it into the registry.

Reboot and post a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 111 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware