HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:14:56 AM, on 11/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Documents and Settings\PaulF\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://businessonline.motorola.com/...l=/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.toshiba.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.co...?1093619948380
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1131719009848
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AndersonRadio.local
O17 - HKLM\Software\..\Telephony: DomainName = AndersonRadio.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AndersonRadio.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AndersonRadio.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AndersonRadio.local
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Kaspersky Log
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, November 23, 2005 07:09:01
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 22/11/2005
Kaspersky Anti-Virus database records: 151337
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\$VAULT$.AVG\
C:\4nec2\
C:\adi\
C:\Andrew\
C:\AntennaSolver\
C:\ANTWIND\
C:\arc\
C:\backup\
C:\brmdf\
C:\Cadd6\
C:\caddin\
C:\Caddout\
C:\Caddprnt\
C:\CPS\
C:\CS Data\
C:\cygwin\
C:\DIRPAT\
C:\DOCS\
C:\Documents and Settings\
C:\Inetpub\
C:\MDF\
C:\MDS\
C:\Mike's Computer Stuff\
C:\MOBILE DATA\
C:\Mobile DB Data Bases\
C:\Motorola Canopy\
C:\motorola flash\
C:\MRSS\
C:\MXTOOLS\
C:\My Download Files\
C:\My Downloads\
C:\NEC\
C:\nist\
C:\NTS Data\
C:\ORS\
C:\PalmDL\
C:\paulfbackup\
C:\PCMCIA MDC CARD\
C:\PMAIL\
C:\pmdc save\
C:\printgl\
C:\Pro sites\
C:\Program Files\
C:\PROGRAMF\
C:\PROWIN3\
C:\putty\
C:\RADIOMAX\
C:\radios\
C:\RECYCLER\
C:\sav\
C:\Save 2\
C:\SCGWDEMO\
C:\Scholer-Johnson\
C:\Sites\
C:\Synex\
C:\SYSKEY\
C:\System Volume Information\
C:\temp\
C:\TFTP-Root\
C:\Toshiba\
C:\TRN\
C:\WINDOWS\
C:\winrss\
C:\WINSJIPP\
Scan Statistics:
Total number of scanned objects: 86619
Number of viruses found: 13
Number of infected objects: 32
Number of suspicious objects: 1
Duration of the scan process: 15812 sec
Infected Object Name - Virus Name
C:\brmdf\cracksearcher (Works Great).zip/CrackSearcher.exe Infected: HackTool.Win32.CrackSearch.a
C:\brmdf\cracksearcher (Works Great).zip Infected: HackTool.Win32.CrackSearch.a
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4e92308d-3182be77.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-16650209.zip/b.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-16650209.zip/c.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-16650209.zip/d.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-16650209.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-2325c9bc.zip/b.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-2325c9bc.zip/c.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-2325c9bc.zip/d.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-2325c9bc.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-376e85c8.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-376e85c8.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-376e85c8.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-376e85c8.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-330ed794-41c83d18.zip/web.exe Infected: Trojan-Downloader.Win32.Small.bkg
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-330ed794-41c83d18.zip Infected: Trojan-Downloader.Win32.Small.bkg
C:\Documents and Settings\PaulF\Local Settings\Temporary Internet Files\Content.IE5\QFCDILUZ\deliver46860[1].html Suspicious: Exploit.HTML.Mht
C:\My Download Files\Incomplete\T-872159-Advanced Registry Doctor Pro 5.3.6.15.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\My Download Files\Incomplete\T-872159-Advanced Registry Doctor Pro 5.3.6.15.zip Infected: Worm.Win32.VB.an
C:\My Download Files\zdnet\eMulePlus-1.1.Installer.exe/stream/data0006 Infected: Trojan.Win32.Qrap
C:\My Download Files\zdnet\eMulePlus-1.1.Installer.exe/stream Infected: Trojan.Win32.Qrap
C:\My Download Files\zdnet\eMulePlus-1.1.Installer.exe Infected: Trojan.Win32.Qrap
C:\PalmDL\Palm SDK\crack_170077.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\PalmDL\Palm SDK\crack_170077.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\PalmDL\Palm SDK\handmap 4.7.4-keygen-icu crack_216153.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\PalmDL\Palm SDK\handmap 4.7.4-keygen-icu crack_216153.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\PalmDL\Palm SDK\handmap pro crack_137746.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\PalmDL\Palm SDK\handmap pro crack_137746.exe Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{87426783-37B6-45D9-B169-8B6A8716E4B6}\RP8\A0008549.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{87426783-37B6-45D9-B169-8B6A8716E4B6}\RP8\A0008550.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{87426783-37B6-45D9-B169-8B6A8716E4B6}\RP9\A0008773.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{87426783-37B6-45D9-B169-8B6A8716E4B6}\RP9\A0008774.exe Infected: Trojan.Win32.Crypt.t
Scan process completed.
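Added example (not part of the original post): a small Python triage script for the two log formats above. It pulls the `Oxx - ...` entries out of a HijackThis log and flags the ones a reviewer reads first (entries with `(file missing)` or `(no file)`, and O23 services with `Unknown owner`), and it parses the Kaspersky `Infected Object Name - Virus Name` lines so that archive members are collapsed onto their on-disk container and each detection is tagged with where it sits (Java applet cache, System Restore copies, IE cache, or a plain folder). The function names and the flag rules are mine, and the rules are reading aids rather than verdicts; the sample lines are copied verbatim from the logs above.

```python
"""Triage helpers for HijackThis and Kaspersky On-line Scanner logs.

Added example, not code from the original post. Sample lines are copied
from the logs above; function names and flag heuristics are assumptions.
"""
import re
from collections import Counter, defaultdict

# Copied verbatim from the HijackThis log above.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
"""

# Copied verbatim from the Kaspersky report above (a subset of its lines).
KAV_SAMPLE = r"""
C:\brmdf\cracksearcher (Works Great).zip/CrackSearcher.exe Infected: HackTool.Win32.CrackSearch.a
C:\brmdf\cracksearcher (Works Great).zip Infected: HackTool.Win32.CrackSearch.a
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-376e85c8.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-376e85c8.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\PaulF\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-138006ad-376e85c8.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\PaulF\Local Settings\Temporary Internet Files\Content.IE5\QFCDILUZ\deliver46860[1].html Suspicious: Exploit.HTML.Mht
C:\My Download Files\zdnet\eMulePlus-1.1.Installer.exe/stream/data0006 Infected: Trojan.Win32.Qrap
C:\My Download Files\zdnet\eMulePlus-1.1.Installer.exe Infected: Trojan.Win32.Qrap
C:\System Volume Information\_restore{87426783-37B6-45D9-B169-8B6A8716E4B6}\RP8\A0008549.dll Infected: Trojan.Win32.Crypt.t
"""

HJT_LINE = re.compile(r'^([A-Z]\d+) - (.*)$')
KAV_LINE = re.compile(r'^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+)$')


def parse_hjt(text):
    """Return (section, body) pairs for every Oxx/Rx/Fx/Nx entry in an HJT log."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def hjt_flags(entries):
    """Flag entries to read first: dead references and services with no vendor string."""
    flagged = []
    for section, body in entries:
        reasons = []
        if '(file missing)' in body:
            reasons.append('referenced file missing')
        if '(no file)' in body:
            reasons.append('no file behind this entry')
        if section == 'O23' and 'Unknown owner' in body:
            reasons.append('service binary has no vendor string')
        if reasons:
            flagged.append({'section': section, 'body': body, 'reasons': reasons})
    return flagged


def classify_location(path):
    """Coarse bucket for where a detection lives; drives how it is cleaned up."""
    p = path.lower()
    if '\\sun\\java\\deployment\\cache\\' in p:
        return 'java-cache'      # cached applet content, not installed software
    if '\\system volume information\\' in p:
        return 'restore-point'   # System Restore copies of earlier files
    if '\\temporary internet files\\' in p:
        return 'ie-cache'
    return 'filesystem'


def parse_kaspersky(text):
    """Parse 'path Infected|Suspicious: name' lines into records."""
    records = []
    for line in text.splitlines():
        m = KAV_LINE.match(line.strip())
        if not m:
            continue
        path, name = m.group('path'), m.group('name')
        records.append({
            'path': path,
            # Windows paths never contain '/'; Kaspersky uses it for archive members.
            'container': path.split('/', 1)[0],
            'verdict': m.group('verdict'),
            'name': name,
            'family': name.split('.', 1)[0],   # HackTool, Trojan, Exploit, ...
            'location': classify_location(path),
        })
    return records


def by_container(records):
    """Collapse archive members onto the on-disk file so each file counts once."""
    grouped = defaultdict(set)
    for r in records:
        grouped[r['container']].add(r['name'])
    return {k: sorted(v) for k, v in grouped.items()}


def summarize(records):
    """Counts by detection family (per object) and by location (per on-disk file)."""
    first = {}
    for r in records:
        first.setdefault(r['container'], r)
    return {
        'objects': len(records),
        'files_on_disk': len(first),
        'families': Counter(r['family'] for r in records),
        'locations': Counter(r['location'] for r in first.values()),
    }


if __name__ == '__main__':
    for f in hjt_flags(parse_hjt(HJT_SAMPLE)):
        print(f['section'], '|', '; '.join(f['reasons']), '|', f['body'])
    recs = parse_kaspersky(KAV_SAMPLE)
    for container, names in by_container(recs).items():
        print(container, '->', ', '.join(names))
    print(summarize(recs))
```

Two things this makes visible that the raw report does not. First, Kaspersky lists each archive member and then the archive itself, so its "32 infected objects" overstates the number of files on disk; grouping by container gives the real cleanup list. Second, the location tag separates three different remediation paths: the `java-cache` hits are cached applet classes pulled in by the browser and are cleared with the cache, the `restore-point` hits are copies System Restore kept of files that were already removed, and only the `filesystem` hits (here the cracks, keygens and installers under user-chosen folders) are files the user put there.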