Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Cannot find c:\windows\inet20002\services.exe [

Started by gregr2 , Dec 06 2005 11:58 AM

  • This topic is locked This topic is locked

#1
gregr2
Posted 06 December 2005 - 11:58 AM

gregr2

    New Member

  • Member
  • Pip
  • 6 posts
I started getting the following error after windows XP finished booting. c:\windows\inet20002\services.exe * Windows cannot find "c:\windows\ine20002\services.exe Make sure you typed the name correctly...
Then after that errro it has Could Not load or run c:\windows\inet20002\services.exe specified in the registry. Make sure the file exists on your computer...

I followed all of the steps on the "You Must Read This Before Posting A Hijackthis Log, Required steps before posting your log." page. I have Norton Internet Security, X-Cleaner and CounterSpy on the machine. I ran all of them and they really didn't find anything.
I ran cleanup
ad-aware SE - cleaned up some spyware
cwshredder - nothing
Spybot - nothing
Ewido - found and cleaned some. Here is the log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:03:28 AM, 12/6/2005
+ Report-Checksum: 9F68DDA1

+ Scan result:

HKU\S-1-5-21-1792287775-1852260533-1234784915-1003\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1792287775-1852260533-1234784915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} -> Spyware.Antispykeylog : Cleaned with backup
HKU\S-1-5-21-1792287775-1852260533-1234784915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-762d722b-170d8612.class -> Downloader.Small.wv : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-374d025b-39d8fe00.class -> Trojan.Nocheat : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1660dbc9-7ff393e6.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-18d1a667-102134b7.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-25705fb4-616cbc74.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3b4c87ad-4a445014.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-504620c2-7ad2e256.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-58581c27-42565b6c.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-1263f623.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6dc3f54f-435c5351.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-78ee691-2316ff8f.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7dbaf4a8-15560f7b.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7dbaf4a8-15560f7b.zip/Beyond.class -> Trojan.Java.ClassLoader.k : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-f30ee60-1f25ea8d.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-14707097-511f2728.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-5c96ed05-79faa07c.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counters.jar-14ddd667-1a9c501e.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-4d7e06c5-4d6a23b8.zip/Matrix.class -> Downloader.Java.OpenStream.c : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-72d27b7f-28b4764e.zip/javautil.zip -> Backdoor.Dumador.dg : Cleaned with backup
C:\weird files\jkjgwdgs.exe -> Backdoor.Rbot : Cleaned with backup
C:\weird files\jkvmuaaa.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\inet20002\3.00.11.dll -> Spyware.Ihbo : Cleaned with backup
C:\WINDOWS\system32\gkbjppfo.exe -> Proxy.Wopla.n : Cleaned with backup
C:\WINDOWS\system32\sdgvgxco.exe -> Spyware.CWS : Cleaned with backup


::Report End


Then I ran
TrojanHunter - found and cleaned a bunch
Rebooted and here is my HijackThis log: (The bootup errors are still there)

Logfile of HijackThis v1.99.1
Scan saved at 12:46:44 PM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run=C:\WINDOWS\inet20002\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCLEAN~1.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104960047078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Zip Backup to CD (ZipBackup2CD) - Datahjaelp - C:\Program Files\Datahjaelp\Zip Backup to CD\ZipBackSrv.exe

Thanks and any help would be greatly appreciated!
Greg
  • 0

Advertisements

#2
lovethepirk
Posted 10 December 2005 - 11:41 PM

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
greg,

Welcome to G2G. Sorry it has taken a bit to get to you but we are very busy.

Clean out temporary files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Scan with HijackThis again and place a check next to these items:

F3 - REG:win.ini: run=C:\WINDOWS\inet20002\services.exe

Close all other windows except HijackThis, and hit Fix Checked

Navigate to this folder and delete it:
C:\WINDOWS\inet20002

Reboot.

Please download Registry Search
Unzip it to a convenient location.

Doubleclick Registry Search.
Enter services.exe in the edit and click "Ok".
Notepad will be opened with text in it (the file will be saved in the program's folder as well). Save the Notepad file to your desktop.


Post the log from the registry search along with another HJT log.
  • 0

#3
gregr2
Posted 11 December 2005 - 09:37 AM

gregr2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks, I ran everything and here are the logs.


REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.2.1

; Results at 12/11/2005 10:33:45 AM for strings:
; 'services.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\services.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\services.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\services.exe]

; End Of The Log...



Logfile of HijackThis v1.99.1
Scan saved at 10:36:22 AM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCLEAN~1.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104960047078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Zip Backup to CD (ZipBackup2CD) - Datahjaelp - C:\Program Files\Datahjaelp\Zip Backup to CD\ZipBackSrv.exe
  • 0

#4
lovethepirk
Posted 11 December 2005 - 09:57 AM

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
Greg,



Is your Norton up-to-date and paid for? If not there are some good free alternatives to Norton.

Did that error message go away?

I would like you to run one online scan:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Also post another HJT log.

LTP
  • 0

#5
gregr2
Posted 12 December 2005 - 05:36 AM

gregr2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yes, the error did go away.

My Norton subscription is up to date.

Are these results for real??


Here are the scan results:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, December 12, 2005 06:32:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/12/2005
Kaspersky Anti-Virus database records: 164559
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 113650
Number of viruses found: 51
Number of infected objects: 990
Number of suspicious objects: 7
Duration of the scan process: 8505 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019B0D28.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019B0D28.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019B0D28.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019B0D28.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019B0D28.zip Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01AB5F16.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01AF0912.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01CE2857.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01D25254.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01D25254.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01D25254.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01D25254.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01D25254.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01D84CF2.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01DB5049.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01DF7A45.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01DF7A45.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01E22442.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\028164E2.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\028164E2.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\028164E2.zip Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02F64C61.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02F9765D.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02FD2059.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02FD2059.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03004A56.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03004A56.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03004A56.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03004A56.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03004A56.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03037452.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03061E4F.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\030A484B.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\032011CF.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03355E36.exe Infected: Backdoor.Win32.PPdoor.bp
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03491E39.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03804A48.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0396256E Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A53623.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A53623.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A53623.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A53623.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04BC1ACE.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04F706EC.class Infected: Trojan.Java.ClassLoader.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04FA30E8.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04FA30E8.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04FA30E8.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04FA30E8.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04FA30E8.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04FE5AE5.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050104E1.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05042EDE.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050758DA.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050B1D5D.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050E2CD3.class Infected: Trojan.Java.ClassLoader.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\051156CF.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06A445A7.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06F230D1.tmp Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07621B2D.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07761717.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07761717.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07761717.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07761717.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07761717.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07794114.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0780150D.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07866905.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07A5102C.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07A93A28.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07A93A28.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07A93A28.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07A93A28.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07A93A28.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07B90C16.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07C63408.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07DA2FF2.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07DD59EF.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\083F26AB.exe Infected: Backdoor.Win32.Rbot.adf
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0872081A.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08BA56A5.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09A6022E.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09BA7E18.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09BD2815.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09FE4EFA.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A561EF3.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A5D6056.exe Infected: Backdoor.Win32.PPdoor.bp
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD80D1A.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BEB0904.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C092D8E.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDA6E8B.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D1718C3.exe Infected: Trojan-Proxy.Win32.Delf.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D1B42BF.exe Infected: Email-Worm.Win32.Delf.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2C464E.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D561711.exe Infected: Backdoor.Win32.Rbot.adf
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E2A121F.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E373A11.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3D0E09.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3D0E09.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3D0E09.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3D0E09.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3D0E09.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E413806.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E446202.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E470BFF.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E9478C5 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EEA3CD6.class Infected: Trojan.Java.ClassLoader.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EED66D3.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EED66D3.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EED66D3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EED66D3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EED66D3.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF010CF.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF06943.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF43ACB.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF63D3C.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF63D3C.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF63D3C.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF63D3C.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF63D3C.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF764C8.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EFD1135.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EFD38C1.class Infected: Trojan.Java.ClassLoader.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F03652E.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F0B60B2.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F8E400D.exe Infected: Trojan-Proxy.Win32.Delf.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F941406.exe Infected: Email-Worm.Win32.Delf.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\102D1F84.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\103D7172.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10411B6F.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10575626.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10EA5516.class Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10ED7F12.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1168537E.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11757B70.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1179256C.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1179256C.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1179256C.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1179256C.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1179256C.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\117C4F68.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\117F7965.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11822361.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11836BBE.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11836BBE.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11836BBE.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11836BBE.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11836BBE.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\118715BB.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\118A3FB7.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\118D69B3.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11943DAC.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D45F2B.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11E14107.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1228349B.htm Infected: Trojan-Downloader.JS.Psyme.ap
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\122B5E97.zip/Beyond.class Infected: Trojan.Java.Needy.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\122B5E97.zip/BlackBox.class Infected: Trojan.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\122B5E97.zip/VerifierBug.class Infected: Trojan.Java.Needy.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\122B5E97.zip Infected: Trojan.Java.Needy.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\124569C8.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\129B60EB.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12FE5C1D.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130B0E89.tmp Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\134F53BA.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13527DB7.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13527DB7.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13527DB7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13527DB7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13527DB7.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135E60FC.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135E60FC.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135E60FC.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135E60FC.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135E60FC.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135F25A8.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13620AF8.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13620AF8.tmp/web.exe Infected: Virus.Win32.Bube.l
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13620AF8.tmp/Counter.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13620AF8.tmp/VerifierBug.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13620AF8.tmp/Worker.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13620AF8.tmp/Xeyond.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13620AF8.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13624FA5.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136679A1.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13685EF1.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1369239E.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136C08EE.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13735908.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13770305.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13770305.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13770305.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13770305.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13770305.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\137A2D01.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\138E28EB.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13947CE4.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\142262EB.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\142C48EE.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14554953.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14704BD7.tmp Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1518298D.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1518298D.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15C71C90.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15D76E7E.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161F66E8.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161F66E8.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161F66E8.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161F66E8.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161F66E8.zip Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\162210E4.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16253AE1.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17CD30D4.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17DE02C2.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18154C85.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\183C4B3D Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18484040.htm Infected: Trojan-Downloader.JS.Small.bq
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\184B6A3C.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185A0140.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18621023.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18621023.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18621023.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18621023.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18621023.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18D1382B Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18DB3620 Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18DE601D Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B0B5179.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B561EF0.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C446297.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C446297.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C446297.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C446297.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C446297.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CF36D94.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DFB3F4C.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2026044C.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2026044C.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2026044C.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2026044C.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2026044C.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\208C7586.htm Infected: Virus.Win32.Bube.k
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20CF202B.htm Infected: Trojan-Clicker.HTML.IFrame.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\218F1DC3.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\218F1DC3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\218F1DC3.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\218F1DC3.zip Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\219247BF.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\219571BC.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\221733E1.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2262798E.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230330F2.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23D07D3C.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23D75135.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23D75135.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24017306.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24017306.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24017306.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24017306.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24450CF7.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\263B0C3E.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\273A6794.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278049FB.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27F52A36 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F55728.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A33783F.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AA625F8.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ABC4BDF.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ABC4BDF.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ABC4BDF.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ABC4BDF.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ABC4BDF.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AC31FD7.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AC649D4.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AC973D0.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B0379C9.class Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BDC00B4.htm Infected: Trojan-Downloader.JS.Small.bq
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BEC03B5 Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C48186F.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C48186F.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C48186F.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C48186F.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CB46A17.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E0207DC.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E12381E.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EEF4140.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EEF4140.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EEF4140.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EEF4140.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EEF54FD.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF26B3D.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF51539.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F584C72.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F754652.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F7C1A4A.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F7C1A4A.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F7C1A4A.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F7C1A4A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F7C1A4A.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F7F4447.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F861840.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F8C6C38.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F8F1635.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB03A11.htm Suspicious: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB70E0A.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBA3806.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30EF236D Infected: Trojan.Java.ClassLoader.k
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30F551D3.htm Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313C002C.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313C002C.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\316A24F1.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31BE15BF.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D865A2.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D865A2.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D865A2.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D865A2.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D865A2.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31DC0F9E.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31DF399B.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31E26397.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\327F42EB.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\327F42EB.htm Suspicious: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\327F42EB.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\327F42EB.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\327F42EB.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\327F42EB.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32826CE7.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\328616E4.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32B52D64.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32CF06D5 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32D230D1 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33C97387.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\348169EC.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34851327.class Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\349D2E8F Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\350B0878.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3517546A.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\354917C2.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\357E2F81.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35FD18E7.class Infected: Trojan.Java.ClassLoader.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\360042E3.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\360042E3.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\360042E3.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\360042E3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\360042E3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\360042E3.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Q
  • 0

#6
lovethepirk
Posted 12 December 2005 - 01:25 PM

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
All those files in the Kaspersky log are from Norton's Quarantine and they are NOT hurting you :tazz: Let's get rid of them though.

These are the instructions for removing the bad files stuck in Norton 2005 quarantine(if you have a different version and cannot figure this out let me know):

1) Open Norton
2) Click "Reports"
3) Click "View Quarantined Items"
4) Select all the items in the quarantine area and click "delete item"

Are things running smoothly...please post one more hjt log and just tell me how things are.

LTP

Edited by lovethepirk, 12 December 2005 - 01:26 PM.

  • 0

#7
gregr2
Posted 13 December 2005 - 05:32 AM

gregr2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here are the two logs, thanks again.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, December 13, 2005 06:29:41
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/12/2005
Kaspersky Anti-Virus database records: 164805
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 112444
Number of viruses found: 16
Number of infected objects: 52
Number of suspicious objects: 0
Duration of the scan process: 8645 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4a9df386-32b7f9d2.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4a9df386-32b7f9d2.zip Infected: Trojan.Java.ClassLoader.k
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-3e561356.zip/Beyond.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-3e561356.zip/BlackBox.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-3e561356.zip Infected: Exploit.Java.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-2d03512c.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-2d03512c.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-2d03512c.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-4c563ff3.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-4c563ff3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-4c563ff3.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv146.jar-7ed95cd5-72850a39.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv146.jar-7ed95cd5-72850a39.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv400.jar-5f74ae3-566c3d65.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv400.jar-5f74ae3-566c3d65.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv405.jar-63dc068-7da9e922.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv405.jar-63dc068-7da9e922.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv428.jar-69f254d1-7763eae5.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv428.jar-69f254d1-7763eae5.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv451.jar-1e1ecc95-28725e24.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv451.jar-1e1ecc95-28725e24.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv493.jar-157d2efd-1142b20d.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv493.jar-157d2efd-1142b20d.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv543.jar-5248039c-74b344a3.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv543.jar-5248039c-74b344a3.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv62.jar-153a10ee-20bda1d9.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv62.jar-153a10ee-20bda1d9.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv637.jar-4c1bbbd6-16fffe39.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv637.jar-4c1bbbd6-16fffe39.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Downloads\cs1005.exe/WISE0024.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv
C:\Downloads\cs1005.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP387\A0044790.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP391\A0044898.exe Infected: Trojan-Dropper.Win32.Small.ue
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP391\A0044911.exe Infected: Trojan-Downloader.Win32.CWS.n
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP393\A0045036.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP393\A0045037.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP393\A0045038.dll Infected: not-a-virus:AdWare.Win32.Ihbo.gen
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP393\A0045039.exe Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP393\A0045040.exe Infected: Trojan-Downloader.Win32.CWS.n
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP404\A0045846.hta Infected: Trojan-Downloader.VBS.Psyme.av
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045966.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045967.exe Infected: Trojan-Proxy.Win32.Delf.aa
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045968.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045969.exe Infected: Trojan-Proxy.Win32.Delf.aa
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045970.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045971.exe Infected: Backdoor.Win32.PPdoor.bp
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045972.exe Infected: Backdoor.Win32.Rbot.adf
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045973.exe Infected: Backdoor.Win32.PPdoor.bp
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045974.exe Infected: Backdoor.Win32.PPdoor.bp
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045975.exe Infected: Trojan-Downloader.Win32.Small.amq
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP406\A0045976.exe Infected: Trojan-Dropper.Win32.Small.uf
C:\WINDOWS\msn.hta Infected: Trojan-Downloader.VBS.Psyme.av

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 6:31:50 AM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCLEAN~1.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104960047078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Zip Backup to CD (ZipBackup2CD) - Datahjaelp - C:\Program Files\Datahjaelp\Zip Backup to CD\ZipBackSrv.exe
  • 0

#8
lovethepirk
Posted 13 December 2005 - 09:32 AM

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
Let's clean those files out, they are not as bad as you think :tazz:
You might want to print these out as there will be a reboot in the middle of some instructions.


1. Go to Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked:

1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

Then let's flush your system restore points...

Go to Start > Control Panel > System > System Restore Tab.
Check "Turn off System Restore".
Immediately reboot (all your restore points will be deleted by this).
Then Start->Control Panel->System, System Restore again.
UnCheck "Turn off System Restore" and create a new clean restore point.

Then let me know how everything is and we can send you off with some ending protection.


Thanks,

LTP
  • 0

#9
gregr2
Posted 14 December 2005 - 05:15 AM

gregr2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK did all of that. Here are the new logs:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 14, 2005 06:12:50
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 14/12/2005
Kaspersky Anti-Virus database records: 165010
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 95283
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 7975 sec

Infected Object Name - Virus Name
C:\Downloads\cs1005.exe/WISE0024.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv
C:\Downloads\cs1005.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
C:\WINDOWS\msn.hta Infected: Trojan-Downloader.VBS.Psyme.av

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 6:14:54 AM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCLEAN~1.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104960047078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Zip Backup to CD (ZipBackup2CD) - Datahjaelp - C:\Program Files\Datahjaelp\Zip Backup to CD\ZipBackSrv.exe
  • 0

#10
lovethepirk
Posted 14 December 2005 - 12:14 PM

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
Manually delete this file:
C:\WINDOWS\msn.hta

How are things running?


Please look carefully at this post for some excellent preventative measures to take so you do not get infected again.
Prevention is good :up:

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:
  • 0

#11
gregr2
Posted 15 December 2005 - 09:45 PM

gregr2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Things are running great! Thanks for all help.
  • 0

#12
lovethepirk
Posted 16 December 2005 - 08:13 AM

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
You are welcome :tazz:
  • 0

#13
lovethepirk
Posted 29 December 2005 - 03:52 AM

lovethepirk

    Visiting Staff

  • Member
  • PipPipPip
  • 528 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP