Spywarestrick?spyware sheriff. I can't remove these from my system

BullGuard Antivirus Forum > Virus Removal > Removal Help > Spywarestrick?spyware sheriff. I can't remove these from my system

Forum Quick Jump

54 posts in this thread.
Viewing Page : 1 2 3

[ << Previous Thread | Next Thread >> ]

klas
New Member

Date Joined Jan 2006
Total Posts : 33

Posted 1-15-2006 2:58 (GMT +1)

can anyone help, I am very un-experenced with computors and would appear to have either or both Spywarestrick and Sypware Sheriff on my computor, I keep getting pop-up telling me that my computor is infected. I have tried a number of down loads to scan the computor, but each would appear to be a scan for money. I have been reading some of the enteries on this site and don't fully understand the "hijack logs" people are sending in! Can you help.

JSntgvr
Senior Member

Date Joined Nov 2005
Total Posts : 605

Posted 1-15-2006 3:40 (GMT +1)

Click here to download HJTsetup.exe:

www.thespykiller.co.uk/files/HJTSetup.exe

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

klas
New Member

Date Joined Jan 2006
Total Posts : 33

Posted 1-15-2006 10:09 (GMT +1)

Logfile of HijackThis v1.99.1
Scan saved at 21:07:19, on 15/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\xrugsb.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\dinst.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC65D.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [eqxtpd] C:\WINDOWS\system32\xrugsb.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNL_ZBzeb032YYGB
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q1147984.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

JSntgvr
Senior Member

Date Joined Nov 2005
Total Posts : 605

Posted 1-16-2006 12:41 (GMT +1)

Copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Run the Nailfix from here:

castlecops.com/zx/flrman1/Nailfix.zip

Save the file to your desktop.
Unzip Nailfix.zip to extract the files it contains.
Do not do anything with it yet. You will run the Nailfix.cmd file later in Safe Mode.

Click here to download smitRem.exe:

noahdfear.geekstogo.com/click%20counter/click.php?id=1

*Save the file to your desktop.
*It is a self extracting file.
*Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
*Do not do anything with it yet. You will run the RunThis.bat file later in safe mode

Download the trial version of Ewido Security Suite:

http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

Perform the following steps in Safe Mode:

*Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal. Once finished, proceed with the following:

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish.

*Run Ewido:

Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.

Save the report to your desktop.

* Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

* Restart back into Windows normally now.

Perform an ActiveSCan:

http://www.pandasoftware.com/activescan/

Save the report to the desktop.

Post a new HijackThis log and the results of the Ewido and ActiveScan reports.

Post Edited (JSntgvr) : 1/15/2006 11:45:47 PM GMT

klas
New Member

Date Joined Jan 2006
Total Posts : 33

Posted 1-16-2006 12:03 (GMT +1)

I received your instructions on removing spywarestrick and spy=sheriff, but I can't finish the last instructions, how can I "Perform an ActiveSCan"

Post Edited (klas) : 1/17/2006 9:46:44 PM GMT

klas
New Member

Date Joined Jan 2006
Total Posts : 33

Posted 1-16-2006 1:57 (GMT +1)

Logfile of HijackThis v1.99.1
Scan saved at 12:55:23, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpBC99.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNL_ZBzeb032YYGB
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q1147984.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

JSntgvr
Senior Member

Date Joined Nov 2005
Total Posts : 605

Posted 1-16-2006 4:09 (GMT +1)

Download Killbox from any of the sites below, and have it ready to run later-on:

www.downloads.subratam.org/KillBox.exe

www.downloads.subratam.org/KillBox.zip

Run Hijackthis. Place a checkmark on the following lines and click on Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpBC99.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNL_ZBzeb032YYGB
O20 - Winlogon Notify: st3 - C:\WINDOWS\q1147984.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Boot the computer in Safe Mode

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.

C:\WINDOWS\Nail.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\system32\hpBC99.tmp

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

Exit the Killbox.

Boot back to Normal mode.

I need to see the ActiveScan report as well as the Ewido report. Post also a fresh Hijackthis log.

Click on the following link to run the ActiveScan:

www.pandasoftware.com/activescan/

klas
New Member

Date Joined Jan 2006
Total Posts : 33

Posted 1-16-2006 5:30 (GMT +1)

Hi its me again, first thanks for all your help we seem to be getting simewhere.I ran the Hijackthis and ticked all the boxes requested but I can't find F2 or O2, I am also having troble downloading ActiveScan, any sugestions.

Logfile of HijackThis v1.99.1
Scan saved at 16:27:20, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Post Edited (klas) : 1/17/2006 9:47:29 PM GMT

JSntgvr
Senior Member

Date Joined Nov 2005
Total Posts : 605

Posted 1-16-2006 7:02 (GMT +1)

Right click mvps.org/winhelp2002/DelDomains.inf and select Save As, or Save Target as, to download WinHelp2002's DelDomains.inf.

Please save the file somewhere you can find it like on the desktop.

Run this file by right clicking on it and selecting Install.

Please run an on-line virus scan at Kaspersky OnLine Scan:

www.kaspersky.com/virusscanner

or if that doesnt work, you can use TrendMicro:

housecall.trendmicro.com/

or BitDefender:

www.bitdefender.com/scan8/ie.html

Please post the results of the scan(s) in your next reply as well as a fresh Hijackthis log.

Post Edited (JSntgvr) : 1/16/2006 6:06:58 PM GMT

klas
New Member

Date Joined Jan 2006
Total Posts : 33

Posted 1-16-2006 11:02 (GMT +1)

Are we getting anywhere?

Logfile of HijackThis v1.99.1
Scan saved at 22:00:27, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 16, 2006 21:59:52
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/01/2006
Kaspersky Anti-Virus database records: 161112
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 92000
Number of viruses found: 53
Number of infected objects: 438
Number of suspicious objects: 8
Duration of the scan process: 5025 sec

Infected Object Name - Virus Name
C:\!KillBox\hpBC99.tmp Infected: Trojan-Downloader.Win32.Zlob.eu
C:\Documents and Settings\Big Stephen\My Documents\LimeWire\vicintity of obscenity.rar/setup.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Big Stephen\My Documents\LimeWire\vicintity of obscenity.rar/setup.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Big Stephen\My Documents\LimeWire\vicintity of obscenity.rar Infected: Trojan-Downloader.Win32.IstBar.no
C:\Program Files\Norton AntiVirus\Quarantine\007F4199.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\01C1364F.exe Infected: Trojan-Dropper.Win32.Small.uy
C:\Program Files\Norton AntiVirus\Quarantine\01CF09BA Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\02043398.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\03A32168.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\03A64B65.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\040D5729 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\045C65C9.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\04C753CA.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\04ED0322.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\04F12D1F.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\094E395C.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\09CD080B.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\09D03208.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\09D45C04.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\09DA2FFD.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\0B7C599A Infected: Trojan-Downloader.Win32.Agent.rm
C:\Program Files\Norton AntiVirus\Quarantine\0C1B40D6.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\0CBA49A8 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\0E392829 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\0E4D25AC.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\0FEC687C.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\116F17F3 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\11BC529F Infected: IM-Worm.Win32.Sumom.a
C:\Program Files\Norton AntiVirus\Quarantine\120761A6.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\12D5296A.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\139521A7.dll Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\13DD2128.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\13DD2128.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\13DD2128.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\150A1BBD.js Infected: Trojan.JS.Seeker-based
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\15826589.exe Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\17A72FDD Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\17A92B33 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\186676EA.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\18BF3E35 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\193B3E2A Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\194016B0.exe Infected: Trojan.Win32.Agent.ay
C:\Program Files\Norton AntiVirus\Quarantine\198208A2.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\198C711F Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\1AD41E4F.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\1B2E4F26 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\1B2E7ED9.class Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\1B344A0A.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1CA17EB1.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1CB72498.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\1CBE7891.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1D134467 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\1D311A77.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\1E5B7B7C.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\1ED851CB.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\20001096.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\20001096.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\20001096.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\206F3159.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\21171DD0.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\222C22FC.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\23596D4B.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\241D0ED9 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\2490170C.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\24AF0973.EXE Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\24D97BEF Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\25013DC3 Infected: Trojan.Java.ClassLoader.aj
C:\Program Files\Norton AntiVirus\Quarantine\250E65B5 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\25103FEB.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\251F541D Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\25A916AF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\25BC0CD6.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\25C36692.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\25EC2195.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\274029E4 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\28616AD9 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\297456AB Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\29CC4852.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\29F0162A.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\2A4F0354.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2C5A367D.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\2CAD5108.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\2CBD2297.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\2DBE1CC9 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\2DF6442A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2E76345F.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2F6379B8.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\2FA2431C.htm Infected: Trojan-Clicker.JS.Linker.k
C:\Program Files\Norton AntiVirus\Quarantine\2FC366F9.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\2FCA3AF1.htm Infected: Virus.Win32.Bube.b
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2FDD36DC.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2FE060D8.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\2FE40AD5.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2FED08CA.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303D5AD3 Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\30D658A9.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\31290B33.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\31D62D31.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\329D1C78.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\339A5CF5 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\33A50384 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\33AF0179 Infected: Trojan-Downloader.Java.OpenStream.c
C:\Program Files\Norton AntiVirus\Quarantine\35C36701 Infected: Trojan.Java.Binny.a
C:\Program Files\Norton AntiVirus\Quarantine\36140051.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\36B556E8 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\37FF220A.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\38081FFF.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\38121DF5.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\389A4398.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\389B2230.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\39E95A57.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\3A752638.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\3ACF2DEB.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\3B4A4EA5.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3BAC0257 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3C127310.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\3C781893.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\3D066A30 Infected: Trojan.Java.ClassLoader.aj
C:\Program Files\Norton AntiVirus\Quarantine\3DCD36D3.exe Infected: Trojan-Downloader.Win32.IstBar.ll
C:\Program Files\Norton AntiVirus\Quarantine\3E0B7B52 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3EF93D87 Infected: Trojan.Java.ClassLoader.z
C:\Program Files\Norton AntiVirus\Quarantine\3F2B18F3 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\404F4ED5.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/web.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\41250B9C.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\418905C7.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\423D0DE0.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\431E2397.exe Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\433E4ADB Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\448B250D Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\44EB7AD2 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\44EE24CF Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\44F14ECB Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\45E27706.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\45FF6BEF.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\4603394A Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\46E24B0A.dll Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\473E0267.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\486D40D2.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\49160E49.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\49AD4438 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\49E32AF5.php Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4A0173D8 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\4A250A63.php Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4B3F4B01 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\4B4274FE Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\4BD23955.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C5E3309.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C6E04F7.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C89380C.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4CA97CF9 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\4D253AEA Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\4DB52D0A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4DBB0103.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\4DE029D4 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\4E303F37.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\4F16175B.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4F2114BF.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\4FD57ED1.htm Infected: Trojan-Downloader.JS.Agent.g
C:\Program Files\Norton AntiVirus\Quarantine\4FD949AD.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\51283843 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\51500F5C.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\51543958.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\51C411B2.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\537B66CD.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\53A35EA2.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\53A74125 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\54F91729.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\552762F6.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\55455CD6.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\555204C8.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\556C54AB.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\565950EE.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\567B1A48.exe Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\57E84FEE.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\57F10395.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\58452039.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\58847D84.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\58A30169.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58A42E5F.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\58A9065F.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\58AA0258.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58AD2C54.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\58B30454.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58B62E51.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\58B72A49.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\58BC024A.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\59015D83.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\59520B48 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\597165D2 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5A0C4367 Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\5A1D2F80.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\5ADC1D42.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5B3F6FCB Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\5C137B1C.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\5CA11DFF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5EA00937.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\5F59622B.exe Infected: Trojan-Downloader.Win32.Small.aoa
C:\Program Files\Norton AntiVirus\Quarantine\604C2216.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\605319D6 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\60A97190.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\613643CB.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6145027A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\61B74A66.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\61C30D15.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\63480C90 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\63646369.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\63D613E0.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6401054F Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\64707EA1.class Infected: Trojan.Java.ClassLoader.z
C:\Program Files\Norton AntiVirus\Quarantine\64D20E51 Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\650121D1 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\650C3619 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\65656D97 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\656E65C4.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\65895CDA Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\65CF2FCA.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\66222F48.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\66222F48.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\66222F48.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\671B6B26 Infected: Trojan-Proxy.Win32.Mitglieder.cy
C:\Program Files\Norton AntiVirus\Quarantine\6729527F.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\67414E5B.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\674E5768 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\67561594 Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\68145189 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\697A2BD7 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\69817FD0 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\698753C9 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6A471345 Infected: Trojan.Java.Binny.a
C:\Program Files\Norton AntiVirus\Quarantine\6B0E7AAA.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6B951521.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\6BAF29D5.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6BBE7343 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6BCA25CC.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6C1F4D74 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\6DE622C2.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6E150AF3.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6E2948D8 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6F0E63D8.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6F1E4289.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6FA96E82.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\6FB36C77.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6FBC6A6C.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6FF64C22.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\70101C05.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\70101C05.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\70316BC9.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7078546F.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\70B63F4A Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\70BA6946 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\72726E32.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/web.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\736E6C41.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\73827705.exe Infected: Trojan.Win32.Agent.ay
C:\Program Files\Norton AntiVirus\Quarantine\744A546A.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\74771CC6.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\75370916.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\75AC3C2F Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\760114F7 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\76322AC3.php Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\771426D4.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\77657195.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\77657195.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\77657195.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\77A36D30 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\77CE713C.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\78802D79 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\79C15431 Infected: Trojan.Java.ClassLoader.z
C:\Program Files\Norton AntiVirus\Quarantine\7A6C489F.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\7A7A23F5.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7A7A23F5.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\7A7A23F5.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\7AB13A53.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7BED53F6.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7C4E4A5D.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7C4E4A5D.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7C7B221D.dll Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\7D376713.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7D8656FA Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\7DBE7D5D.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\7E022A31.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\7F3108E8 Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\7FCF4E5D.class Infected: Trojan.Java.ClassLoader.d
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP12\A0013861.exe Infected: IM-Worm.Win32.Chiem.a
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP13\A0014026.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP25\A0034632.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP25\A0035682.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP25\A0035737.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP26\A0035823.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP26\A0035896.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP26\A0036885.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0037875.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0038883.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0039885.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0039939.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0040942.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0041025.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0042081.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0043075.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0044096.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0045159.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP30\A0047277.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP35\A0058986.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP35\A0062921.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP36\A0063392.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP41\A0064501.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP43\A0064810.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0080478.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0081478.tlb Infected: Trojan-Downloader.Win32.Z