
Thread: Virtumode.dll and Virtumode.prx

  1. #11

    Hi shaba,

    Java is updated. Here are the scan reports.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, October 5, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, October 05, 2008 14:10:36
    Records in database: 1292387
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 198048
    Threat name: 48
    Infected objects: 278
    Suspicious objects: 5
    Duration of the scan: 02:13:59


    File name / Threat name / Threats count
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\62F319A4.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\631C3800.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\642874B2.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\658E796E.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\662774E3.exe Infected: Trojan-Downloader.Win32.Small.akz 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\672119DF.class Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\675608C9.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\682379A6.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6A5479A4.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6A862397.class Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6B9339AD.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6BE051F1.html Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6BF34DDB.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6BF677D8.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6CCA1C2E.class Infected: Trojan.Java.ClassLoader.l 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6DE478E6.class Infected: Trojan.Java.ClassLoader.ak 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\6FDB6BE7.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\70673C07.class Infected: Trojan.Java.ClassLoader.j 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\70F23A40.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\70F6643C.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\710D2A81.class Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7120060E.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\71AE495A.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\72333773.class Infected: Trojan.Java.ClassLoader.i 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\72446CCF.js Infected: Trojan-Downloader.JS.Psyme.m 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\72665028.class Infected: Trojan-Dropper.Java.Beyond.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\72FA1255.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\73C315CF.class Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\73F53F89.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7413057C.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\74FD5B19.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\75452575.class Infected: Trojan.Java.ClassLoader.d 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\754C0749.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\75906B23.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\75D834DC.class Infected: Trojan.Java.ClassLoader.Dummy.e 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\75D834DC.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\75DC5ED8.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\75E55CCE.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\76AF25F9.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\76C43862.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\76C43862.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\76FA4C8C.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\76FD7689.class Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\77012085.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\77044A82.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\77045C12.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\77045C12.htm Infected: Exploit.HTML.ObjData 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\77103450.class Infected: Trojan-Dropper.Java.Beyond.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\77DC5CC6.class Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\78BC68E3.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\79CD359C.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\79EB2F7C.class Infected: Trojan.Java.ClassLoader.c 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7A1D2A59.class Infected: Trojan.Java.ClassLoader.i 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7AEB2F61 Infected: Backdoor.Win32.SpyBoter.by 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7D8B3172.class Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7DA47B60.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7E0256CE.class Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7E8B6141.class Infected: Trojan.Java.ClassLoader.d 1
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine\7ECA18FF.htm Infected: Trojan-Downloader.VBS.Psyme.j 1
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.Cydoor 2
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av 1
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.a 1
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 2
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 1
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100 1
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA\My Shared Folder\kmd171_en.exe Infected: not-a-virus:AdWare.Win32.Altnet.a 1
    C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll Infected: not-a-virus:AdWare.Win32.MyWay.v 1
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\848700\848700.dll.vir Infected: not-a-virus:AdWare.Win32.E404.ik 1
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qfbrvreb.dll.vir Infected: Trojan.Win32.Monder.rcn 1

    The selected area was scanned.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:47:53 PM, on 10/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B14\rayserver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Tian Chen\Local Settings\temp\jkos-Tian Chen\binaries\ScanningProcess.exe
    C:\Documents and Settings\Tian Chen\Local Settings\temp\jkos-Tian Chen\binaries\ScanningProcess.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\timrorbins.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windowsisearch.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {235B61B5-A1EB-4D7C-9DBF-25E2433FF851} - (no file)
    O2 - BHO: (no name) - {2504ddc5-be03-46a3-b614-7bc8297a8f73} - (no file)
    O2 - BHO: (no name) - {37E7A84B-0CDF-405C-9DA5-133866AD19FA} - (no file)
    O2 - BHO: (no name) - {453F51E8-FEF5-4C54-B136-944BF434360C} - (no file)
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {51AF0AB3-D795-4791-85C0-CC2966BDA390} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {A694D851-F594-4EA0-B928-84E2661F9181} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B6E4F45B-B554-468B-89B9-DF72BFF16636} - (no file)
    O2 - BHO: (no name) - {D731CDDF-0DF2-412A-A1C7-8F2B6F1FFF82} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2740A25F-985E-4B2A-939B-BA6B980F4E6D}: NameServer = 151.202.0.84
    O17 - HKLM\System\CCS\Services\Tcpip\..\{784E5DCB-0EA2-4BFA-97AC-BDD344931773}: NameServer = 68.237.161.12 71.250.0.12
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2740A25F-985E-4B2A-939B-BA6B980F4E6D}: NameServer = 151.202.0.84
    O20 - Winlogon Notify: ddcdaxu - C:\WINDOWS\
    O20 - Winlogon Notify: wvUooPgf - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ray - Unknown owner - C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B14\rayserver.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11304 bytes



    after i immunized all items, the item under windows, global (hosts) sets back to unprotected as soon as i run my norton 360 scan. is that supposed to be?

    thank you very much.

  2. #12
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    "after i immunized all items, the item under windows, global (hosts) sets back to unprotected as soon as i run my norton 360 scan. is that supposed to be?"

    Never heard about such a thing. If so, that is a Norton-related thing.

    Empty these folders:

    C:\Documents and Settings\Tian Chen\Application Data\Sun\Java\Deployment\cache\
    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Program Files\Norton AntiVirus\Quarantine
    C:\QooBox\Quarantine\

    Delete these:

    C:\Program Files\MyWaySA
    C:\Documents and Settings\Tian Chen\Desktop\PORTABLE DRIVE FILES\Program Files\KaZaA

    Delete this unless you need it:

    C:\Documents and Settings\Tian Chen\Desktop\OLD DRIVE FILES\Documents and Settings\hsc\Local Settings\Application Data\Identities\{FA0BD922-BACD-4A37-9082-1A0E6AEE67E4}\Microsoft\Outlook Express\Deleted Items.dbx

    Empty Recycle Bin.

    Still problems?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #13
    Member
    Join Date
    Oct 2008
    Posts
    33

    hi shaba,

    i deleted the folders that you'd recommended. i ran another round of kaspersky and nothing showed up on the report. the computer is running great and no pop-ups. i turned teatimer back on and it is asking me to allow or deny changes to the registry. are they responding to your changes earlier with combo fix or should i deny them?

    i want to thank you for spending your valuable time and knowledge to help us with the problems. i don't have a pay-pal account nor thought i'd ever need one. after your professionalism and efforts, i will set one up to repay your generosity and help the cause.

    once again, thank you very much.

  4. #14
    Member
    Join Date
    Oct 2008
    Posts
    33

    hi shaba,

    i ran norton 360 and it just picked up two trojans.

    trojan.vundo

    trojan.zlob

    is there a way we can find out where they were hiding even after clean scans from kaspersky and spybot s&d?

    thank you very much.

  5. #15
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Please post next norton scan report if available.

  6. #16
    Member
    Join Date
    Oct 2008
    Posts
    33

    hi shaba,

    here are the norton 360 scan reports that were generated a couple of hours apart. i've also included the latest hjt log in case you want to see it.

    first scan report:

    Scan Stats:
    Scan Time: 150 seconds
    Counts:
    Total items scanned: 3,511
    - Files & Directories: 850
    - Registry Entries: 305
    - Processes & Start-up Items: 2,181
    - Network & Browser Items: 160
    - Other: 15

    Total security risks detected: 2
    Total items resolved: 2
    Total items that require attention: 0

    Resolved Threats:
    Trojan.Adclicker
    Virus ID: 34860
    Type: Anomaly
    Risk: High (High Stealth, High Removal, High Performance, High Privacy)
    Categories: Virus
    State: Fully Resolved
    -----------
    2 Processes
    c:\documents and settings\tian chen\local settings\temp\prun.exe
    c:\documents and settings\tian chen\local settings\temp\prun.exe
    1 File
    c:\documents and settings\tian chen\local settings\temp\prun.exe
    1 Registry Entry
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run->prunnet


    Tracking Cookie
    Virus ID: 4294909925
    Type: Anomaly
    Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
    Categories: Cookie
    State: Fully Resolved
    -----------
    13 Tracking Cookies
    Cookie:tian chen@serving-sys.com/
    Cookie:tian chen@cbs.112.2o7.net/
    Cookie:tian chen@abc.go.com/
    Cookie:tian chen@cache.trafficmp.com/adv/gadget/
    Cookie:tian chen@insightexpressai.com/
    Cookie:tian chen@warnerbros.112.2o7.net/
    Cookie:tian chen@questionmarket.com/
    Cookie:tian chen@trafficmp.com/
    Cookie:tian chen@revsci.net/
    Cookie:tian chen@ad.yieldmanager.com/
    Cookie:tian chen@go.com/
    Cookie:tian chen@2o7.net/
    Unknown Cookie




    Unresolved Threats:




    second scan report:

    Scan Stats:
    Scan Time: 4,445 seconds
    Counts:
    Total items scanned: 409,332
    - Files & Directories: 406,418
    - Registry Entries: 409
    - Processes & Start-up Items: 2,244
    - Network & Browser Items: 245
    - Other: 16

    Total security risks detected: 2
    Total items resolved: 2
    Total items that require attention: 0

    Resolved Threats:
    Trojan.Vundo
    Virus ID: 28544
    Type: Anomaly
    Risk: High (High Stealth, High Removal, High Performance, High Privacy)
    Categories: Virus
    State: Restart Required
    -----------
    3 Processes
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    14 Files
    c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp10\a0000370.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000371.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000372.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000373.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000374.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000375.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000376.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000377.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000463.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000464.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0000339.dll
    C:\WINDOWS\BM838362d6.txt
    C:\WINDOWS\BM838362d6.xml
    C:\WINDOWS\pskt.ini
    1 Service
    DomainService
    156 Registry Entries


    Trojan.Awax
    Virus ID: 18137
    Type: Anomaly
    Risk: High (High Stealth, High Removal, High Performance, High Privacy)
    Categories: Virus
    State: Fully Resolved
    -----------
    1 File
    c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp6\a0000203.dll




    Unresolved Threats:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:15:36 PM, on 10/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B14\rayserver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\timrorbins.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windowsisearch.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {235B61B5-A1EB-4D7C-9DBF-25E2433FF851} - (no file)
    O2 - BHO: (no name) - {2504ddc5-be03-46a3-b614-7bc8297a8f73} - (no file)
    O2 - BHO: (no name) - {37E7A84B-0CDF-405C-9DA5-133866AD19FA} - (no file)
    O2 - BHO: (no name) - {453F51E8-FEF5-4C54-B136-944BF434360C} - (no file)
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {51AF0AB3-D795-4791-85C0-CC2966BDA390} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {A694D851-F594-4EA0-B928-84E2661F9181} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B6E4F45B-B554-468B-89B9-DF72BFF16636} - (no file)
    O2 - BHO: (no name) - {D731CDDF-0DF2-412A-A1C7-8F2B6F1FFF82} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2740A25F-985E-4B2A-939B-BA6B980F4E6D}: NameServer = 151.202.0.84
    O17 - HKLM\System\CCS\Services\Tcpip\..\{784E5DCB-0EA2-4BFA-97AC-BDD344931773}: NameServer = 68.237.161.12 71.250.0.12
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2740A25F-985E-4B2A-939B-BA6B980F4E6D}: NameServer = 151.202.0.84
    O20 - Winlogon Notify: ddcdaxu - C:\WINDOWS\
    O20 - Winlogon Notify: wvUooPgf - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ray - Unknown owner - C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B14\rayserver.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10776 bytes


    Please take a look at them.

    Thank you very much.

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Looks like Norton deleted them.

    Open HijackThis, click "Do a system scan only" and checkmark these:


    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windowsisearch.com
    O2 - BHO: (no name) - {235B61B5-A1EB-4D7C-9DBF-25E2433FF851} - (no file)
    O2 - BHO: (no name) - {2504ddc5-be03-46a3-b614-7bc8297a8f73} - (no file)
    O2 - BHO: (no name) - {37E7A84B-0CDF-405C-9DA5-133866AD19FA} - (no file)
    O2 - BHO: (no name) - {453F51E8-FEF5-4C54-B136-944BF434360C} - (no file)
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {51AF0AB3-D795-4791-85C0-CC2966BDA390} - (no file)
    O2 - BHO: (no name) - {A694D851-F594-4EA0-B928-84E2661F9181} - (no file)
    O2 - BHO: (no name) - {B6E4F45B-B554-468B-89B9-DF72BFF16636} - (no file)
    O2 - BHO: (no name) - {D731CDDF-0DF2-412A-A1C7-8F2B6F1FFF82} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - Winlogon Notify: ddcdaxu - C:\WINDOWS\
    O20 - Winlogon Notify: wvUooPgf - C:\WINDOWS\


    Close all windows, including the browser, and press "Fix checked".

    Reboot.

    Post back a fresh HijackThis log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #18
    Member
    Join Date
    Oct 2008
    Posts
    33

    Hi shaba,

    I deleted the above-mentioned items. Here is the fresh HJT log as requested.

    Thank you very much.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:40:22 PM, on 10/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B14\rayserver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Trend Micro\HijackThis\timrorbins.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2740A25F-985E-4B2A-939B-BA6B980F4E6D}: NameServer = 151.202.0.84
    O17 - HKLM\System\CCS\Services\Tcpip\..\{784E5DCB-0EA2-4BFA-97AC-BDD344931773}: NameServer = 68.237.161.12 71.250.0.12
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2740A25F-985E-4B2A-939B-BA6B980F4E6D}: NameServer = 151.202.0.84
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ray - Unknown owner - C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B14\rayserver.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9749 bytes

  9. #19
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Logs look fine.

    Still problems?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #20
    Member
    Join Date
    Oct 2008
    Posts
    33

    hi shaba,

    it is running great, but as soon as i turn tea timer back on, the windowsisearch.com comes back even though i'd denied its request to make changes to my registry. after a couple of minutes, the other registry change requests pop up again and the option of denying the changes is greyed out.

    at this time, i deleted the registry lines again as recommended above and turned off tea timer. any suggestions for resolving this, or should i just keep tea timer off?

    thank you very much.
