Hijack This log

Post by krforrester » January 8th, 2006, 5:31 pm

I have been having problems with unwanted toolbars, problems using my F drive, and problems with Firefox (fatal errors). I also can't perform a complete scan with Spybot since it freezes up. Ad-Aware also periodically freezes. I did run TrojanHunter.

Here is my Hijack This log (I think I did this right):

Logfile of HijackThis v1.99.1
Scan saved at 1:24:58 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R3 - URLSearchHook: (no name) - {31F3913F-9EBC-11EB-8401-BCE1BB43AADD} - WhatsNewBot.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xwiz] ftbar.exe
O4 - HKLM\..\Run: [bnui] TemplateDongle.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Post by Rogue » January 8th, 2006, 7:28 pm

Hi krforrester,

Welcome to the Malware Removal forums. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as a MR Staff Member reviews my fix, I will post it for you.
In the meantime, if any problems occur, please let me know.
Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If you’re unsure of anything at all please stop and ask!


Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Post by krforrester » January 8th, 2006, 7:30 pm

Thank you, Rogue.
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Post by Rogue » January 8th, 2006, 9:12 pm

Hi krforrester,

Please read through this post since I am asking you to download specific software to assist you.

If you have not already installed Ad-Aware SE 1.06, please download and install Ad-Aware SE 1.06.
Check here on how to set up and use it - please make sure you update it first.
Perform a scan, and make sure you delete all the items in red.
==========

If you have not already installed Spybot S&D 1.4, please download and install Spybot S&D.
Restart your computer now.
Make sure you update it, and then perform a full scan. Make sure you delete every item found.
==========

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?ac ... t&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe
Save it to your desktop
==========

Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
==========

Please go to:
Start
Control panel
Add/Remove programs


Find and remove these programs (if they are present)

PartyPoker
UnSpyPC

(Note: If some programs listed are not present, please do not panic)
=========

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
==========

Run FixWareout
Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
==========

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R3 - URLSearchHook: (no name) - {31F3913F-9EBC-11EB-8401-BCE1BB43AADD} - WhatsNewBot.dll (file missing)

O4 - HKLM\..\Run: [xwiz] ftbar.exe
O4 - HKLM\..\Run: [bnui] TemplateDongle.exe
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe

O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135

O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)

Click Fix Checked.
Close HijackThis, and click OK to proceed.
==========

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files. If found, delete them (some may not be present after previous steps):

C:\WINDOWS\System32\secupd.exe

Again using Windows Explorer, navigate to and find the following folders. If found, delete them (some may not be present after previous steps):

C:\Program Files\UnSpyPC
C:\Program Files\PartyPoker.net

Using Windows search (Start > Search), attempt to locate and delete the following:

WhatsNewBot.dll
ftbar.exe
TemplateDongle.exe
UnSpyPC.exe
Serviceprocess.exe
browsebar.exe
DTOURS.exe

Now empty your Recycle Bin
==========

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
==========

Thanks,

Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Post by krforrester » January 10th, 2006, 11:46 am

Thanks so much for the help. The problems I was having appear to be resolved. I was actually able to run SpyBot again. In the instructions you told me to find and delete a number of files (e.g. WhatsNewBot.dll), but I was not able to find any of those files.

Finally, I have been having the same problem for over a year now, which may or may not be related to my Audigy 2 soundcard (read it somewhere). Whenever I reboot, the file "System32" always opens. It is not among the programs or files scheduled to open upon start up. Anyway, just thought I would mention it to see if you ever heard of it.

Here is the new Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 7:41:25 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sony\EverQuest II\EverQuest2.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [dmhle.exe] C:\WINDOWS\system32\dmhle.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{257E479A-456B-49CC-AE06-C59F56013E8F}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



And here is the fixwareout report:

Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nvjmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSMVA.EXE
C:\WINDOWS\SYSTEM32\DMJVN.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool


Thanks again for the great and fast help.
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread postby Rogue » January 10th, 2006, 12:15 pm

Thanks krforrester
Let me look at this log and I'll do some research and get back with you as soon as I can.

Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Rogue » January 11th, 2006, 1:06 pm

Hi krforrester,

Glad to hear things are running better. We still have some “bugs”
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby krforrester » January 12th, 2006, 11:31 am

Here is the new HJT log after doing all of the things you suggested. I do note that during explore/search I was not able to locate a number of the files.

Logfile of HijackThis v1.99.1
Scan saved at 7:27:19 AM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


And here is the ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:59:25 AM, 1/12/2006
+ Report-Checksum: 3382824A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862} -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-2257325288-2060136184-446822186-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-21-2257325288-2060136184-446822186-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-21-2257325288-2060136184-446822186-1006\Software\Classes\AtlBrCon.AtlBrCon -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-2257325288-2060136184-446822186-1006\Software\Classes\AtlBrCon.AtlBrCon\CurVer -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-2257325288-2060136184-446822186-1006\Software\Classes\AtlBrCon.AtlBrCon.1 -> Spyware.eZula : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.584:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.585:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.586:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.588:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.607:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.638:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.681:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.682:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.684:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.748:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.749:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.933:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.935:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Keith Forrester\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-3f187737.class -> Downloader.Small.wv : Cleaned with backup
C:\WINDOWS\system32\c58bKs.dll/bi.dll -> Trojan.Bispy.A : Error during cleaning
C:\WINDOWS\system32\c58bKs.dll/biprep.exe -> Trojan.Bispy.B : Error during cleaning
C:\WINDOWS\system32\c58bKs.dll/bi.dll -> Trojan.Bispy.A : Error during cleaning
C:\WINDOWS\system32\c58bKs.dll/biprep.exe -> Trojan.Bispy.B : Error during cleaning
C:\WINDOWS\system32\dmbhv.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\SWRT01.dll -> Spyware.VirtualBouncer : Cleaned with backup
D:\Documents and Settings\Keith Forrester\Cookies\keith forrester@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
D:\WINDOWS\system32\DReplace.dll -> Spyware.CoolWebSearch : Cleaned with backup
D:\WINDOWS\system32\q78kdov0.dll -> Spyware.CoolWebSearch : Cleaned with backup


::Report End


Again, thanks for the quick and great help.
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Unread post by Rogue » January 13th, 2006, 10:16 am

Hi krforrester,

I do note that during explore/search I was not able to locate a number of the files.

I have included some steps in the search section to help with that. Make sure you enable hidden files.
Make a note of the files you cannot delete or find.

ewido could not remove some nasties, so we will do it in safe mode again. Here is the junk we are after:
C:\WINDOWS\system32\c58bKs.dll/bi.dll -> Trojan.Bispy.A : Error during cleaning
C:\WINDOWS\system32\c58bKs.dll/biprep.exe -> Trojan.Bispy.B : Error during cleaning
C:\WINDOWS\system32\c58bKs.dll/bi.dll -> Trojan.Bispy.A : Error during cleaning
C:\WINDOWS\system32\c58bKs.dll/biprep.exe -> Trojan.Bispy.B : Error during cleaning

==========

Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
==========

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
==========

Please download FixWareout from
http://swandog46.geekstogo.com/Fixwareout.exe

Note: Leave your internet connection running; FixWareout may prompt you to download BFU from merijn.

Save it to your Desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click scan and check the following items.

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" <<< May interfere with our fix
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135

O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.
==========

Going to SAFE MODE
Reboot your computer
As soon as it starts to boot, rapidly press the F8 key.
Select Safe Mode from the menu
If you are still unsure, see here
==========

Using Windows Explorer (open it by right-clicking the Start button and left-clicking Explore), navigate to and find the following folders. If found, delete them (some may not be present after previous steps):

C:\Program Files\PartyPoker.net
C:\Program Files\WareOut

Again using Windows Explorer, navigate to and find the following files. If found, delete them (some may not be present after previous steps):

C:\WINDOWS\System32\secupd.exe
C:\WINDOWS\system32\c58bKs.dll


Now we need to do a search. Start | Search | For Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste files into the Search for files and folders named box:

DTOURS.exe
browsebar.exe
Serviceprocess.exe
biprep.exe
bi.dll

If any of these files are found please delete them.

Now empty your Recycle Bin
=========

Run ewido Malware Remover

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
Select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close ewido security suite.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel!!
==========

Boot PC in Normal Mode

==========

Run an online virus scan called Kaspersky from here.

1. Click on "Kaspersky Online Scanner".
2. A new smaller window will pop up. After reading the contents, press "Accept".
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next" > "Scan Settings", and make sure the database is set to "extended". Check both of the scan options, then click OK.
5. Then click on "My Computer", and the scan will start.
6. Once finished, save a log as ".txt" to the desktop, and restart.
==========

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingcomputer.com/files/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.
==========

Post a new HJT log.
Post FixWareout Log
Post Kaspersky Log
Post the ewido scan
Post WinPFind.txt
You may have to use multiple posts since logs can get cut off.
Note of files you cannot delete or find

Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah
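
One way to check a follow-up HijackThis log against a list of entries that were to be fixed, as an added example (not part of the post above or of any tool it names). The fix list holds the O4 and O9 lines from the instructions above, the log excerpt holds lines copied from the January 16 log in this thread, and all function names are this example's own.

```python
import re

# "O4 - ...", "O9 - ...", "F2 - ...": section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Trailing "(file missing)", also when the closing bracket was lost in a paste.
FILE_MISSING_RE = re.compile(r"\s*\(file missing\)?$", re.IGNORECASE)

# O4/O9 items from the fix list above. The O17 and O23 items are left out
# because that part of the follow-up log is not in the excerpt below.
FIX_LIST = r"""
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" <<< May interfere with our fix
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing
"""

# Excerpt (not the whole log) of the January 16 HijackThis log in this thread.
FOLLOWUP_EXCERPT = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
"""


def normalise(body):
    """Reduce an entry body to a comparison key.

    Drops a helper's "<<<" annotation and the "(file missing)" suffix,
    collapses whitespace and ignores case (Windows paths are case-insensitive).
    """
    body = body.split("<<<", 1)[0].strip()
    body = FILE_MISSING_RE.sub("", body)
    return " ".join(body.split()).casefold()


def parse_entries(text):
    """Map (section code, normalised body) -> original line for each entry."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:  # process paths and headers do not match and are skipped
            entries[(match.group(1), normalise(match.group(2)))] = line.strip()
    return entries


def compare(fix_list, followup_log):
    """Return (persisting, gone): fix-list lines still in the log, and not."""
    wanted = parse_entries(fix_list)
    seen = parse_entries(followup_log)
    persisting = [raw for key, raw in wanted.items() if key in seen]
    gone = [raw for key, raw in wanted.items() if key not in seen]
    return persisting, gone


if __name__ == "__main__":
    persisting, gone = compare(FIX_LIST, FOLLOWUP_EXCERPT)
    print("Still present after the fix:")
    for line in persisting:
        print("  " + line)
    print("No longer present:")
    for line in gone:
        print("  " + line)
```

An entry that is still listed after "Fix Checked" is worth reporting back in the next reply together with the logs.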

Unread post by krforrester » January 16th, 2006, 7:00 pm

I followed all of the instructions.

The following files could not be found through explore:

C:\Program Files\PartyPoker.net
C:\Program Files\WareOut
C:\WINDOWS\System32\secupd.exe

The following files could not be found through searching:

DTOURS.exe
browsebar.exe
Serviceprocess.exe


I don't recall seeing a FixWareout Log during this process. Did I miss something even though I did run FixWareout? Here are all of the other logs (I will continue in another reply):

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:29 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WinPFind\WinPFind\winpfind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

_____
Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 16, 2006 14:36:08
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/01/2006
Kaspersky Anti-Virus database records: 171531
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 104462
Number of viruses found: 43
Number of infected objects: 591
Number of suspicious objects: 159
Duration of the scan process: 4704 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Keith Forrester\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv109.jar-783040dc-18b7995e.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Keith Forrester\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv109.jar-783040dc-18b7995e.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Keith Forrester\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderdimanit.jar-6cc11b1f-4db57592.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Keith Forrester\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderdimanit.jar-6cc11b1f-4db57592.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From pslraiderron <pslraiderron@msn.com>][Date Sun, 3 Aug 2003 17:05:44 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From coachdaveward <coachdaveward@hotmail.com>][Date Sat, 23 Aug 2003 16:11:04 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From coachdaveward <coachdaveward@hotmail.com>][Date Sat, 23 Aug 2003 16:11:04 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Larry_Ryman <Larry_Ryman@Maxtor.com>][Date Wed, 3 Sep 2003 01:56:58 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Larry_Ryman <Larry_Ryman@Maxtor.com>][Date Wed, 3 Sep 2003 01:56:58 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ptjyS <ptjyS@btopenworld.com>][Date Mon, 8 Sep 2003 05:35:29 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ptjyS <ptjyS@btopenworld.com>][Date Mon, 8 Sep 2003 05:35:29 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Dwm7766 <Dwm7766@aol.com>][Date Sat, 6 Sep 2003 02:11:02 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Dwm7766 <Dwm7766@aol.com>][Date Sat, 6 Sep 2003 02:11:02 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From jamesherlihy68 <jamesherlihy68@hotmail.com>][Date Thu, 4 Sep 2003 23:48:38 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From jamesherlihy68 <jamesherlihy68@hotmail.com>][Date Thu, 4 Sep 2003 23:48:38 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From GMohagen <GMohagen@aol.com>][Date Fri, 12 Sep 2003 05:37:30 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From GMohagen <GMohagen@aol.com>][Date Fri, 12 Sep 2003 05:37:30 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Wil <Wil@affluentgolfer.com>][Date Fri, 12 Sep 2003 05:38:04 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Wil <Wil@affluentgolfer.com>][Date Fri, 12 Sep 2003 05:38:04 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From rwhacker <rwhacker@home.com>][Date Fri, 19 Sep 2003 05:50:58 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From rwhacker <rwhacker@home.com>][Date Fri, 19 Sep 2003 05:50:58 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From lelandvion <lelandvion@earthlink.net>][Date Tue, 16 Sep 2003 01:19:00 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From lelandvion <lelandvion@earthlink.net>][Date Tue, 16 Sep 2003 01:19:00 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From lelandvion <lelandvion@earthlink.net>][Date Sun, 14 Sep 2003 17:50:07 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From lelandvion <lelandvion@earthlink.net>][Date Sun, 14 Sep 2003 17:50:07 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ubuhjamvndiwjm <ubuhjamvndiwjm@owva.com>][Date Thu, 2 Oct 2003 01:40:56 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ubuhjamvndiwjm <ubuhjamvndiwjm@owva.com>][Date Thu, 2 Oct 2003 01:40:56 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From auto-confirm <auto-confirm@amazon.com>][Date Tue, 7 Oct 2003 09:16:25 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From auto-confirm <auto-confirm@amazon.com>][Date Tue, 7 Oct 2003 09:16:25 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ormick <ormick@phs.com>][Date Wed, 8 Oct 2003 06:20:54 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ormick <ormick@phs.com>][Date Wed, 8 Oct 2003 06:20:54 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From sjones <sjones@netcom-sys.com>][Date Sat, 11 Oct 2003 08:47:13 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From sjones <sjones@netcom-sys.com>][Date Sat, 11 Oct 2003 08:47:13 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From postmaster <postmaster@hotmail.com>][Date Fri, 17 Oct 2003 08:49:59 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From postmaster <postmaster@hotmail.com>][Date Fri, 17 Oct 2003 08:49:59 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Yahoo! Mail Virus Protection <mail-antivirus@yahoo-inc.com>"][Date Thu, 4 Mar 2004 19:46:39 -0500]/UNNAMED/UNNAMED/[From admin@sbcglobal.net][Date Thu, 4 Mar 2004 19:46:39 -0500]/text Infected: Email-Worm.Win32.Mimail.txt
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Yahoo! Mail Virus Protection <mail-antivirus@yahoo-inc.com>"][Date Thu, 4 Mar 2004 19:46:39 -0500]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Mimail.txt
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Yahoo! Mail Virus Protection <mail-antivirus@yahoo-inc.com>"][Date Thu, 4 Mar 2004 19:46:39 -0500]/UNNAMED Infected: Email-Worm.Win32.Mimail.txt
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Mimail.txt
C:\Program Files\Norton AntiVirus\Quarantine\00553271.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\00675C7E Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\00966F17.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\00CA406D.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\01501921.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\015632E9.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\018E7E98 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\01D92BB3.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\020E7D0A.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\029304E7.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\034D5E1A.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\037B29E7.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\03C04D2C.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\03D77313.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\041E5D34.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\04AD1C06 Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\04C91609.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\052103A8.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\05217F42.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\053B5278/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\053B5278 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\058D6D31.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\05DD60F2.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\05E7774B.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\05FE7923.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\06081067/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\06081067/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\06081067/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\06081067/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\06081067 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\064E73DF.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\06C62BD8.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\070323AE.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\08005370/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\08005370/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\08005370/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\08005370/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\08005370 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\083A2CAF.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\08BD6DAF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\08CD0E0D.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\08D03809.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\09073986.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\091B34DB Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\0AAD29FD.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\0AEE71B5.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0B683B3C Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\0C045D79 Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\0CF12405.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\0D2E6C4C Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\0D454EF9.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\0DC2269A Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\0E0C0CBB.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0EB73D44 Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\105C4D71 Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\10884A49.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\115A16F5.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\11AF5A98.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\11B35772.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\11BC5568.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\11CD2756.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\11DD2951.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\12147028.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\121F7F8B.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\12204676.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\127C664B.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\12C02CAA.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\12C456A6.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\12C456A6.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\14182CCF.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\14D91188.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\15350FA2.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.n
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/BlackBox.class Infected: Trojan.Java.ClassLoader.l
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\15427B84/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\15427B84 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\15E508CD.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\168211DE.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\171B617F.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\171D4971 Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\1720736D/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1720736D Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\17231D6A Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\17264766/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\17264766/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\17264766/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\17264766/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\17264766 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\173C33B6.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\17C9411B.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\183854A1.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\183B7E59.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\19EA1B2B Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1CC47178.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\1CD54366.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\1D1D20E2.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1D79387D.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1D96325D.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1DB45A98.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1DF84DF6 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1E1941CD.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1E236E1D.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1E2C3DB8.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/Beyond.class Infected: Trojan.Java.StartPage.o
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/BlackBox.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1EAE0EC0 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1EFD4098.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\1F285EA3.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1F59546D.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1F83763E.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1F8B3D70.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1FAA6E13.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1FF00AB6 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\200379EB.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\20147FB7.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\2086197D.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\210A773C Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\21257472.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\21333768/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\21333768/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\21333768/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\21333768/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\21333768 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\21AB121C.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\22094734 Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\232C2EDE.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\23355D46 Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\23392029 Infected: Trojan-Spy.Win32.Small.t
C:\Program Files\Norton AntiVirus\Quarantine\23445C79.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\23830892.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\23946E6B.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\23A26FB6.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\23AF17A7.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\23D510F9.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\24C8318D.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\250E18D3.htm Infected: Trojan-Downloader.JS.Inor.a
C:\Program Files\Norton AntiVirus\Quarantine\251839F9 Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\256D5DAA.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\25AC39CD Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\25E33616.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\25E66012.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\26120FBC Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\264039A1/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\264039A1 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\268D3CB3.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\268D3CB3.htm Infected: Exploit.VBS.Phel.y
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\26D43975/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\26D43975 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\270A2465.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\27566FA1.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\28255D07.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\283858F2.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\28C06270.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\28D53845.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\29456D81.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\29613211.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\29806141.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\29F94794.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2A085907.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\2A6B303E.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2A81346F.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2A825625.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2A975A56.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2AA37A01.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2B760161.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2B882360.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2BC4710B.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2C215AC7.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2C27532E.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2C27532E.htm Infected: Trojan-Downloader.JS.Inor.a
C:\Program Files\Norton AntiVirus\Quarantine\2C6218BB.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2C672BCA Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\2C7438AF.htm Infected: Trojan-Dropper.VBS.Inor.cz
C:\Program Files\Norton AntiVirus\Quarantine\2C840A9D.htm Infected: Trojan-Dropper.VBS.Inor.cz
C:\Program Files\Norton AntiVirus\Quarantine\2C955C8B.htm Infected: Trojan-Dropper.VBS.Inor.cz
C:\Program Files\Norton AntiVirus\Quarantine\2CA60A70.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\2CA85875.htm Infected: Trojan-Dropper.VBS.Inor.cz
C:\Program Files\Norton AntiVirus\Quarantine\2CAA629E.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2D2163C8.htm Infected: Trojan-Downloader.VBS.Small.s
C:\Program Files\Norton AntiVirus\Quarantine\2D2245E7.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2D8561CF Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2D877959.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2DF27CA4.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2DFD584C Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2E553096.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2E587873.htm Infected: Trojan-Downloader.VBS.Small.s
C:\Program Files\Norton AntiVirus\Quarantine\2E781C4F.htm Infected: Trojan-Downloader.VBS.Small.s
C:\Program Files\Norton AntiVirus\Quarantine\2E862660.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2ED023B0.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2EEE1D90.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2F305BD6.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2FA876C3.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2FDA631C.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2FE36E63 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\301556DB.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\30534665.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\30624FF6.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\308373D2.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\30901BC4.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\30B03FA0.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\30CE397F.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\313F5E6C.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\315472EC.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\316709AB.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\31836F28.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\320D237A Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\32191272.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\323B044D/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\323B044D Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3300566B.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\34591490.exe Infected: Backdoor.Win32.Agent.rw
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\34A633CB Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\352B7DD4.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\35891CD7 Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\361536D4.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\367C2BCF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\36AA6FB5.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\36E24880 Infected: Trojan-Downloader.Win32.Small.ii
C:\Program Files\Norton AntiVirus\Quarantine\370D0B8D Infected: Trojan.Java.ClassLoader.aj
C:\Program Files\Norton AntiVirus\Quarantine\37190B22.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\38D16ADD Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\38FA5EBE Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\39120067.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\39E216A5.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\3AC1268C.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3BCB5A02.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3BDF2C74.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\3C3519FF Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\3DB9035C.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3DE414AD.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3DE414AD.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\3DFD7510.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3E001F0D.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\3E2641AF.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3E5F60A4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3E807590.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\3EDB6404.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\3F0B742A.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3F867B48 Infected: Trojan-Downloader.Win32.Small.ii
C:\Program Files\Norton AntiVirus\Quarantine\3F884D5D.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3F9C3A58.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\3FA6473D.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3FE24ACF Infected: Trojan-Downloader.Win32.Monurl.gen
C:\Program Files\Norton AntiVirus\Quarantine\3FE674CB Infected: Trojan.Win32.Botten.i
C:\Program Files\Norton AntiVirus\Quarantine\402F27EF.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\40D507EF.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\41DA37FD Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\42387570/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\42387570/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\42387570/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\42387570/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\42387570 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\438A4CF5.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\43B53F90.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\43E652A1.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\Program Files\Norton AntiVirus\Quarantine\45214069.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\45321257.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\454C623A.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\455F5E24.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\45DB199C.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\46F95A57 Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\48CB5FC0.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\48D807B2.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\49181388.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\49181388.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\49350D68.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\49383764.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\493C6161.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4945012B.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\49471AA4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\49756672.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\498962F0.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4A230615.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\4BD03677.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4BD30D43.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C260614.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\4C332E05.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\4C5127E5.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\4DAB05D0.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4DC8316F Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4DEF7784.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4E784E22.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4E79684C Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\4E815181.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4F9C2E2B.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4FC6068E.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\4FDD1F98.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\500F22E4 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\50414995.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\50D14B65.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\512975F7.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\51371E90.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\515E15BD.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\518A720D.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\518D1C09.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\51D71848.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\51F41228.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\523C129C.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5263349E.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\52690897.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\52C1370A.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\52CE5EFB.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\537E3A39.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\54744658.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\554245C4.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\5630057F.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\57123451 Infected: Trojan.Win32.Small.bm
C:\Program Files\Norton AntiVirus\Quarantine\576D7D13.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\57767B08.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\57E63AAE.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\58144B6B.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\58BA0F45.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\58BA0F45.htm Suspicious: Exploit.HTML.Mht
C:\Pro

Post by krforrester » January 16th, 2006, 7:04 pm

(Kaspersky cont.)

C:\Program Files\Norton AntiVirus\Quarantine\58D73217.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\590554F3.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\590554F3.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\591C7ADA.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\592621C1.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.n
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/BlackBox.class Infected: Trojan.Java.ClassLoader.l
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\592B6B6F Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\59356298.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\59642186.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\59B65923.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\59C67B50.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\59C9254C.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\59DD50F8.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5A3E629B Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5A490AC0.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5A490AC0.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5A9B7B82.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5AA20E84.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5AAE2051.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5AAE2051.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5AB9346B.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5ACA0A32.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5ACB1A30.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5ACF442D.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5AE478C5.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5B1666AC.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5B442BAB.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5B442BAB.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5B5D5FC0 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5B687984.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5B6B2380.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5B6B2380.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5BB01C04.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5BB01C04.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5BB6692E.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5BB6692E.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5BD13911.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5BD4630D.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5BFE04DE.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5C022EDB.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5C2F2DB0.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\5C364EA1.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\5C876F16.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5CD505B3.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5CF04322 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5D4E192E.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5DCC4E9A.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\5DE360F0.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5DE52488.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5E2E30C9.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\5F5A3D53.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5FE239C4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\60206984 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\60B20DA1.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\60C5454A.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\610D0D75.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\614F4983.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\61517F29.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\61861EF0.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\618A5F38 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\61AA741A.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\61CD3AA1.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\61E80A84.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\61ED7819.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\62504A11.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\62571260.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\626D43F1.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\626E3846.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\627F1E1C Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\62855E2D.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\62892F30 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\629F2E11.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\62AF0BA9.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\62FA5B82.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\63077948.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\63247327.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\634F14F9.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\63760CCE.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\63B848DC.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\644628CA.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\64974270.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\64B91CF0.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\64CB69CE Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\64CD18DA.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\65B56A55.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\65D26435.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\666F4388.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\667F1576.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\66A00CD8.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\66AD6144.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\66B308C3.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\66D949F4.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\66E23B54 Infected: Trojan.Java.ClassLoader.aj
C:\Program Files\Norton AntiVirus\Quarantine\66E85503.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\671637F1.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\671F1EC6.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6720131C.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\674D5AEB Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\67746269.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\67915C48.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\679F1B5A.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\67A8022F.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\67AD46D2.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\684231DE Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\686A467B.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\68907AB6.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\69125ED7.htm Infected: Trojan-Dropper.VBS.Inor.cz
C:\Program Files\Norton AntiVirus\Quarantine\69547E59.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\696B243F.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\698F7218.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\699436BA.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\69B87DC4.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\69CC79AE.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\69D039D0.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A080393.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A1642A4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A1F297A.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A2226FC.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A406476.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A494B4B.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A843360.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6A8A1303.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6ADD6ACD.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6AE9549B.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6B0D2273.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6B3164A2.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6B3B6E41.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6B4E6A2C.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6B5F3C1A.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6B807716.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6B895DEB.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6B8A5241.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6B8D1F07.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6BD16DF2.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6BDC0EB1.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6BEC609F.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6BFA0C17.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6C205D9B.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6C3D577B.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6C547D62.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6C5858EE.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6C644F50.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6C681C16.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6C75213E.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6C8C4725.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6CD20265.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6CDA685E.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6CE434C4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6D08029C.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6D0B2C99.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6DD77E0A.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6E195519.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6E307AFF.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6E717476 Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6EDE2B84.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\6EFC3D41.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6EFC40C6.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6F3A5AFC.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6F7E40FC.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6F957298.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6FD63A50.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6FD94D2C.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6FE13BCB.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7015580B.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\704F4BCB.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\70741D29.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\707B7122.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\70AA409C.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\70B154C3 Infected: Trojan-Spy.Win32.Small.u
C:\Program Files\Norton AntiVirus\Quarantine\70B50DD4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\710723AD.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\713973A8.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\713C491B Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\723D3F6B.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\72653740.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\72E41CB3.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\72F46EA1.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\732D1B82.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\73396056.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\73551D83.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\73826950.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\741220B2.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\744A776A.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\745A4958.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\746A787B.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\74927050.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\74D030D6.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\74D35AD3.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\74D76D17.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\74E002C4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\759A1D66.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\75B20564.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\75FD0594.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\761A5031.htm Infected: Trojan-Clicker.JS.Linker.k
C:\Program Files\Norton AntiVirus\Quarantine\76C448B0.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\77430B5A.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\77601B10.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\776501BF.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\77686445.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\776D4FF6.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\782B61EB.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\786970E1.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\78C73FC9.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\78F9108B.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\795058EB.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\79B27482.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\79C67D60.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7B004ACD.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7B965628.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\7B965628.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7B990024.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\7BE42AE7.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\7C6A7F3E.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7C6F1771 Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\7C746249.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7C746249.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\7CC6705C.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7D522384.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\7D9A3FF0.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7EA95CC6.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7ED45819.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.n
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/BlackBox.class Infected: Trojan.Java.ClassLoader.l
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7EE13482 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7F560E07.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7F5E0E4E.htm Infected: Trojan-Dropper.VBS.Inor.cz
C:\Program Files\Norton AntiVirus\Quarantine\7F7407E7.htm Suspicious: Exploit.HTML.Mht
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP171\A0011650.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP175\A0011758.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP176\A0012753.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP176\A0012770.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP177\A0013764.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP178\A0013790.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP181\A0013818.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP182\A0013842.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP182\A0013858.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP182\A0013873.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP183\A0013886.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP183\A0013908.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP183\A0013932.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP183\A0013955.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP183\A0014003.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP183\A0014036.exe Infected: Trojan.Win32.Favadd.an
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP183\A0014038.exe Infected: not-a-virus:AdWare.Win32.Msnagent.b
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP184\A0014057.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP187\A0014086.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP187\A0014109.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP187\A0014110.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP195\A0015526.dll Infected: Trojan-Dropper.Win32.Mudrop.ae
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From pslraiderron <pslraiderron@msn.com>][Date Sun, 3 Aug 2003 17:05:44 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ormick <ormick@phs.com>][Date Wed, 8 Oct 2003 06:20:54 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ormick <ormick@phs.com>][Date Wed, 8 Oct 2003 06:20:54 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From sjones <sjones@netcom-sys.com>][Date Sat, 11 Oct 2003 08:47:13 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From sjones <sjones@netcom-sys.com>][Date Sat, 11 Oct 2003 08:47:13 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From postmaster <postmaster@hotmail.com>][Date Fri, 17 Oct 2003 08:49:59 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From postmaster <postmaster@hotmail.com>][Date Fri, 17 Oct 2003 08:49:59 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ana_laredo_ajye <ana_laredo_ajye@losmejorespremiosdetodo.com>][Date Thu, 16 Oct 2003 14:12:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From PSLRAIDERRON <PSLRAIDERRON@email.msn.com>][Date Thu, 9 Oct 2003 09:48:35 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From Rudyk <Rudyk@acninc.net>][Date Wed, 10 Sep 2003 04:29:05 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From chazparks <chazparks@email.com>][Date Sun, 12 Oct 2003 06:25:04 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From brad <brad@atopsports.com>][Date Wed, 1 Oct 2003 03:13:50 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ubuhjamvndiwjm <ubuhjamvndiwjm@owva.com>][Date Thu, 2 Oct 2003 01:40:56 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From ubuhjamvndiwjm <ubuhjamvndiwjm@owva.com>][Date Thu, 2 Oct 2003 01:40:56 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From auto-confirm <auto-confirm@amazon.com>][Date Tue, 7 Oct 2003 09:16:25 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx/[From auto-confirm <auto-confirm@amazon.com>][Date Tue, 7 Oct 2003 09:16:25 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Exploit.HTML.Iframe.FileDownload
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP44\A0001358.exe Infected: Backdoor.Win32.Divux.b
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP76\A0006486.Exe Infected: Backdoor.Win32.Divux.b
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP81\A0006539.exe Infected: Backdoor.Win32.Sinit.c
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP87\A0007572.exe Infected: Trojan-Clicker.Win32.Axec
D:\System Volume Information\_restore{1349831D-D460-4D4B-992E-9AEC037AAFB3}\RP92\A0008588.Exe Infected: Backdoor.Win32.Divux.b
D:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP187\A0014111.dll Infected: not-a-virus:AdWare.Win32.CoolWeb
D:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP187\A0014112.dll Infected: not-a-virus:AdWare.Win32.CoolWeb

Scan process completed.

[Ewido and WinPFind in next reply]
krforrester

Post by krforrester » January 16th, 2006, 7:06 pm

Ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:52:04 AM, 1/16/2006
+ Report-Checksum: 56B0AA1A

+ Scan result:

:mozilla.24:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Keith Forrester\Application Data\Mozilla\Firefox\Profiles\r47blegi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End

_____
WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
{54F51408-DD44-4a12-82EF-519AD2A80DE9} = C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\Corel\Suite8\Programs\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\Corel\Suite8\Programs\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2}
IEHandler Class = C:\Program Files\NetLeech\IEExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
ButtonText = ATI TV :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}
ButtonText = PartyPoker.net : C:\Program Files\PartyPoker.net\partypokernet.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
srmclean C:\Cpqs\Scom\srmclean.exe
SetRefresh C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
DrvLsnr C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
CPQEASYACC C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
SBDrvDet C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
CTHelper CTHELPER.EXE
PaperPort PTD C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
IndexSearch C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
InCD C:\Program Files\Ahead\InCD\InCD.exe
type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
HP Software Update "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RemoteCenter
MtdAcq C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
/s
ATI DeviceDetect C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Launchpad
keybdll Serviceprocess.exe
MNTP browsebar.exe
SysEntry DTOURS.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/16/2006 2:45:29 PM


______________
Thank you for all your help. Let me know if there is anything else I need to run.
krforrester
Regular Member
 
Posts: 55
Joined: January 8th, 2006, 4:05 pm

Post by Rogue » January 18th, 2006, 7:30 pm

Hi krforrester,


WOW, 591 found by Kaspersky.
Looks like we need to do some cleaning up in your email.
This is evident from several of these lines:
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx/[From pslraiderron <pslraiderron@msn.com>][Date Sun, 3 Aug 2003 17:05:44 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload


Open Norton and go to the Quarantined files and delete all that is in there.
Clear your JAVA Runtime cache. Follow the instructions at http://www.java.com/en/download/help/5000020300.xml

==========
Reboot your computer to clean it all out
===========

You may already have some of these but please make sure that they are updated and configured as below:

Please download the free Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:

  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Click Proceed.
3) To start the scan, Click > "Scan Now" at left

  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
4) When the scan has completed, select Next.

  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.

==========

Spybot Download, Update & Run

Spybot S&D is available from here.

Download and Install Spybot S&D (if you haven't already), accept the Default Settings
In the Menu Bar at the top of the Spybot window you will see Mode.
Make certain that 'Default Mode' has a check mark beside it.
Close ALL windows except Spybot S&D
Click the button to ‘Search for Updates’ then download and install the updates.
Next click the button ‘Check for Problems’
When Spybot is complete, it will be showing ‘RED’ entries, bold ‘BLACK’ entries and ‘GREEN’ entries in the window
Make certain there is a check mark beside all of the RED entries ONLY.
Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
REBOOT normally to complete the scan and clear memory.
==========

If you have removed it please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?ac ... t&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe
Save it to your desktop
==========

Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
==========

Note: Leave your internet connection running; FixWareout may prompt you to download BFU from merijn.

Run FixWareout. Make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click scan and check the following items.

F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKCU\..\Run: [SysEntry] DTOURS.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing

O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7698554-16B5-4192-A01A-002BA35F0ED0}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBA4A583-6A3D-44FB-BF26-4B9A17791EA5}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC484292-33D2-4E00-B868-32280650116E}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135

O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)

Click Fix Checked. Close HijackThis, and click OK to proceed.
==========

Going to SAFE MODE
Reboot your computer
As soon as it starts to boot, rapidly press the f8 key.
Select Safe Mode from the menu
If you are still unsure, see here
==========

Go to Start->Settings->Control Panel->Network Connection and look for your connection there. Just right click on it and go to Properties. Then look for Internet Protocol (TCP/IP) and double click on it. Make sure on the bottom that it's set to 'Obtain DNS server address automatically'. Hit OK
==========

Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following folders; if found, delete the following files (some may not be present after previous steps):

C:\Program Files\PartyPoker.net

Again using Windows Explorer, navigate to and find the following files; if found, delete the following folders (some may not be present after previous steps):

C:\WINDOWS\System32\secupd.exe
C:\Documents and Settings\Keith Forrester\Local Settings\Application Data\Identities\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\Microsoft\Outlook Express\Deleted Items.dbx

Now we need to do a search. Start | Search | For Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste this into the Search for files and folders named box:

DTOURS.exe
browsebar.exe
Serviceprocess.exe

If any of these files are found please delete them.

Now empty your Recycle Bin
==========

Reboot your PC in Normal Mode

=========

Run another online virus scan with Kaspersky from here.

1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next">"Scan Settings", and make sure the database is set to "extended", and check both the scan options. Then click OK.
5. Then click on "My Computer", and the scan will start.
6. Once finished, save a log as ".txt" to the desktop, and restart.
==========

Copy/paste the following quote box into a new notepad (not wordpad) document.

regedit /e %systemdrive%\regkey.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt


Save it to your Desktop as regkey.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name:regkey.bat

Locate regkey.bat on your Desktop and double-click it.
When notepad opens, copy/paste the content in your reply.
When you close Notepad the CMD window will close automatically and the text file will be deleted.
==========

Post a new HJT Log
Post a Kaspersky log
Post C:\fixwareout\report.txt
Post regkey.txt file
Let me know if you were able to run Ad-Aware and Spybot


Thanks,

Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah
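
The HijackThis items singled out in the post above fall into three patterns: Run values with an empty name or a bare file name, static NameServer values on the Tcpip interfaces, and a service whose binary is missing. The following is an added example, not part of the post and not code from HijackThis or FixWareout, that applies those three checks to HijackThis-style lines. The sample lines are copied from the post, except the iTunesHelper line, which is rewritten here from the WinPFind Run listing as a clean comparison; the `expected_dns` allowlist and its 192.168.1.0/24 range are assumptions.

```python
import ipaddress
import re

# Sample input. All lines are taken from the post above, except iTunesHelper,
# which is constructed from the WinPFind Run listing for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [] /s
O4 - HKCU\..\Run: [keybdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MNTP] browsebar.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{084AE2EA-3AA6-4B5A-BEE7-07F3C4471FD2}: NameServer = 85.255.115.91,85.255.112.135
O23 - Service: Windows Security Update - Unknown owner - C:\WINDOWS\System32\secupd.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def check_o4(body):
    """Autorun value: flag an empty name, a missing executable, or a bare file name."""
    m = O4_RE.match(body)
    if not m:
        return []
    reasons = []
    if not m["name"].strip():
        reasons.append("empty value name")
    exe = EXE_RE.match(m["cmd"].strip())
    if exe is None:
        reasons.append("no executable in command")
    elif "\\" not in exe["path"]:
        # Heuristic only: some legitimate software also registers bare names.
        reasons.append("bare file name, resolved through the search path")
    return reasons


def check_o17(body, expected_dns):
    """Static DNS: flag every NameServer address outside the expected resolvers."""
    m = O17_RE.search(body)
    if not m:
        return []
    nets = [ipaddress.ip_network(n) for n in expected_dns]
    reasons = []
    for raw in re.split(r"[,\s]+", m["servers"].strip()):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            reasons.append(f"unparseable NameServer value {raw!r}")
            continue
        if not any(ip in net for net in nets):
            reasons.append(f"static NameServer {ip} not in expected resolvers")
    return reasons


def check_o23(body):
    """Service: flag an unidentified owner and a binary that is missing on disk."""
    m = O23_RE.match(body)
    if not m:
        return []
    reasons = []
    if m["owner"].strip().lower() == "unknown owner":
        reasons.append("service binary has no identified owner")
    if m["path"].rstrip().endswith("(file missing)"):
        reasons.append("service registered but binary missing on disk")
    return reasons


def triage(log_text, expected_dns=()):
    """Return (code, entry, reasons) for each line that needs a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O4":
            reasons = check_o4(body)
        elif code == "O17":
            reasons = check_o17(body, expected_dns)
        elif code == "O23":
            reasons = check_o23(body)
        else:
            reasons = []
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    # 192.168.1.0/24 is an assumed home-router range, not a value from the thread.
    for code, entry, reasons in triage(SAMPLE_LOG, expected_dns=["192.168.1.0/24"]):
        print(f"{code}: {entry}")
        for reason in reasons:
            print(f"    - {reason}")
```

The output is a list of entries to review, not a verdict; each one still has to be checked against the software actually installed on the machine.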

Post by Nick-YF19 » February 5th, 2006, 7:55 am

While we appreciate that you may be busy, it has been 7 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California