The original version of this page can be found at : http://forum.bullguard.com/forum/10/Spywarestrickspyware-sheriff-I_26856.html
Posted By : klas - 1-15-2006 2:58
Can anyone help? I am very inexperienced with computers and would appear to have either or both SpywareStrike and Spyware Sheriff on my computer. I keep getting pop-ups telling me that my computer is infected. I have tried a number of downloads to scan the computer, but each would appear to be a scan for money. I have been reading some of the entries on this site and don't fully understand the "hijack logs" people are sending in! Can you help?

Posted By : JSntgvr - 1-15-2006 3:40
Click here to download HJTsetup.exe:

www.thespykiller.co.uk/files/HJTSetup.exe

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Posted By : klas - 1-15-2006 10:09
Logfile of HijackThis v1.99.1
Scan saved at 21:07:19, on 15/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\xrugsb.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\dinst.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC65D.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [eqxtpd] C:\WINDOWS\system32\xrugsb.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNL_ZBzeb032YYGB
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q1147984.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Posted By : JSntgvr - 1-16-2006 12:41
Copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Run the Nailfix from here:

castlecops.com/zx/flrman1/Nailfix.zip

Save the file to your desktop.
Unzip Nailfix.zip to extract the files it contains.
Do not do anything with it yet. You will run the Nailfix.cmd file later in Safe Mode.

Click here to download smitRem.exe:

noahdfear.geekstogo.com/click%20counter/click.php?id=1

*Save the file to your desktop.
*It is a self extracting file.
*Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
*Do not do anything with it yet. You will run the RunThis.bat file later in Safe Mode.

Download the trial version of Ewido Security Suite:

http://www.ewido.net/en/download/


· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam


Perform the following steps in Safe Mode:

*Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal. Once finished, proceed with the following:

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish.

*Run Ewido:

Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.

Save the report to your desktop.

* Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

* Restart back into Windows normally now.

Perform an ActiveScan:

http://www.pandasoftware.com/activescan/


Save the report to the desktop.

Post a new HijackThis log and the results of the Ewido and ActiveScan reports.

Post Edited (JSntgvr) : 1/15/2006 11:45:47 PM GMT


Posted By : klas - 1-16-2006 12:03
I received your instructions on removing SpywareStrike and Spy-Sheriff, but I can't finish the last instructions. How can I "Perform an ActiveScan"?
 
 
 

Post Edited (klas) : 1/17/2006 9:46:44 PM GMT


Posted By : klas - 1-16-2006 1:57
Logfile of HijackThis v1.99.1
Scan saved at 12:55:23, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpBC99.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNL_ZBzeb032YYGB
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q1147984.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Posted By : JSntgvr - 1-16-2006 4:09
Download Killbox from any of the sites below, and have it ready to run later on:

www.downloads.subratam.org/KillBox.exe

www.downloads.subratam.org/KillBox.zip

Run Hijackthis. Place a checkmark on the following lines and click on Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: International - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpBC99.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYNL_ZBzeb032YYGB
O20 - Winlogon Notify: st3 - C:\WINDOWS\q1147984.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Boot the computer in Safe Mode

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.

C:\WINDOWS\Nail.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\system32\hpBC99.tmp


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

Exit the Killbox.

Boot back to Normal mode.

I need to see the ActiveScan report as well as the Ewido report. Post also a fresh Hijackthis log.

Click on the following link to run the ActiveScan:

www.pandasoftware.com/activescan/

Posted By : klas - 1-16-2006 5:30
Hi, it's me again. First, thanks for all your help; we seem to be getting somewhere. I ran the Hijackthis and ticked all the boxes requested but I can't find F2 or O2. I am also having trouble downloading ActiveScan; any suggestions?
Logfile of HijackThis v1.99.1
Scan saved at 16:27:20, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Post Edited (klas) : 1/17/2006 9:47:29 PM GMT


Posted By : JSntgvr - 1-16-2006 7:02
Right click mvps.org/winhelp2002/DelDomains.inf and select Save As, or Save Target as, to download WinHelp2002's DelDomains.inf.

Please save the file somewhere you can find it, like on the desktop.

Run this file by right clicking on it and selecting Install.


Please run an on-line virus scan at Kaspersky OnLine Scan:

www.kaspersky.com/virusscanner

or if that doesn't work, you can use TrendMicro:

housecall.trendmicro.com/

or BitDefender:

www.bitdefender.com/scan8/ie.html

Please post the results of the scan(s) in your next reply as well as a fresh Hijackthis log.

Post Edited (JSntgvr) : 1/16/2006 6:06:58 PM GMT


Posted By : klas - 1-16-2006 11:02
Are we getting anywhere?


Logfile of HijackThis v1.99.1
Scan saved at 22:00:27, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Monday, January 16, 2006 21:59:52
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky On-line Scanner version: 5.0.67.0
 Kaspersky Anti-Virus database last update: 16/01/2006
 Kaspersky Anti-Virus database records: 161112
-------------------------------------------------------------------------------
Scan Settings:
 Scan using the following antivirus database: standard
 Scan Archives: true
 Scan Mail Bases: true
Scan Target - My Computer:
 A:\
 C:\
 D:\
 E:\
 F:\
Scan Statistics:
 Total number of scanned objects: 92000
 Number of viruses found: 53
 Number of infected objects: 438
 Number of suspicious objects: 8
 Duration of the scan process: 5025 sec
Infected Object Name - Virus Name
C:\!KillBox\hpBC99.tmp Infected: Trojan-Downloader.Win32.Zlob.eu
C:\Documents and Settings\Big Stephen\My Documents\LimeWire\vicintity of obscenity.rar/setup.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Big Stephen\My Documents\LimeWire\vicintity of obscenity.rar/setup.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Big Stephen\My Documents\LimeWire\vicintity of obscenity.rar Infected: Trojan-Downloader.Win32.IstBar.no
C:\Program Files\Norton AntiVirus\Quarantine\007F4199.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\01C1364F.exe Infected: Trojan-Dropper.Win32.Small.uy
C:\Program Files\Norton AntiVirus\Quarantine\01CF09BA Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\02043398.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\03A32168.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\03A64B65.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\040D5729 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\045C65C9.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\04C753CA.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\04ED0322.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\04F12D1F.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\07042F67.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\094E395C.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\09CD080B.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\09D03208.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\09D45C04.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\09DA2FFD.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\0B7C599A Infected: Trojan-Downloader.Win32.Agent.rm
C:\Program Files\Norton AntiVirus\Quarantine\0C1B40D6.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\0CBA49A8 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\0E392829 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\0E4D25AC.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\0FEC687C.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\116F17F3 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\11BC529F Infected: IM-Worm.Win32.Sumom.a
C:\Program Files\Norton AntiVirus\Quarantine\120761A6.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\12D5296A.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\139521A7.dll Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\13DD2128.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\13DD2128.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\13DD2128.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\150A1BBD.js Infected: Trojan.JS.Seeker-based
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\157E5578.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\15826589.exe Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\17A72FDD Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\17A92B33 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\186676EA.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\18BF3E35 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\193B3E2A Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\194016B0.exe Infected: Trojan.Win32.Agent.ay
C:\Program Files\Norton AntiVirus\Quarantine\198208A2.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\198C711F Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\1AD41E4F.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\1B2E4F26 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\1B2E7ED9.class Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\1B344A0A.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1C765CE0.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1CA17EB1.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1CB72498.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\1CBE7891.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1D134467 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\1D311A77.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\1E5B7B7C.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\1ED851CB.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\1F0072F6.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\20001096.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\20001096.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\20001096.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\206F3159.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\21171DD0.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\222C22FC.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\23596D4B.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\23EA2D49.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\241D0ED9 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\2490170C.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\24AF0973.EXE Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\24D97BEF Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\25013DC3 Infected: Trojan.Java.ClassLoader.aj
C:\Program Files\Norton AntiVirus\Quarantine\250E65B5 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\25103FEB.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\251F541D Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\25A916AF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\25BC0CD6.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\25C36692.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\25EC2195.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\274029E4 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\28616AD9 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\28675FBC.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\287B6442.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\297456AB Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\29CC4852.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\29F0162A.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\2A4F0354.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2C5A367D.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\2CAD5108.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\2CBD2297.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\2DBE1CC9 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\2DF6442A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2E76345F.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2F6379B8.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\2FA2431C.htm Infected: Trojan-Clicker.JS.Linker.k
C:\Program Files\Norton AntiVirus\Quarantine\2FC366F9.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\2FCA3AF1.htm Infected: Virus.Win32.Bube.b
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2FD00EEA.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2FDD36DC.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2FE060D8.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\2FE40AD5.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2FED08CA.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303505CD.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\303D5AD3 Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\30D658A9.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\31290B33.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\31D62D31.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\329D1C78.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\339A5CF5 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\33A50384/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\33A50384 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\33AF0179 Infected: Trojan-Downloader.Java.OpenStream.c
C:\Program Files\Norton AntiVirus\Quarantine\35C36701 Infected: Trojan.Java.Binny.a
C:\Program Files\Norton AntiVirus\Quarantine\36140051.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\36B556E8 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\37FF220A.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\38081FFF.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\38121DF5.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\389A4398.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\389B2230.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\39E95A57.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\3A752638.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\3ACF2DEB.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\3B4A4EA5.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3BAC0257 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3C127310.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\3C781893.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\3D066A30 Infected: Trojan.Java.ClassLoader.aj
C:\Program Files\Norton AntiVirus\Quarantine\3DCD36D3.exe Infected: Trojan-Downloader.Win32.IstBar.ll
C:\Program Files\Norton AntiVirus\Quarantine\3E0B7B52 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3E4D2FE0.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3EA51D7F.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3EF93D87 Infected: Trojan.Java.ClassLoader.z
C:\Program Files\Norton AntiVirus\Quarantine\3F2B18F3 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\404F4ED5.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/web.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\40B612AC.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\41250B9C.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\418905C7.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\423D0DE0.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\431E2397.exe Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\433E4ADB Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\448B250D Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\44EB7AD2 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\44EE24CF Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\44F14ECB Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\45E27706.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\45FF6BEF.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\4603394A Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\46E24B0A.dll Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\473E0267.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\47447DD1.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\486D40D2.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\49160E49.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\49AD4438 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\49E32AF5.php Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4A0173D8 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\4A250A63.php Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4B3F4B01 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\4B4274FE Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\4BD23955.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C5E3309.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C6E04F7.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C89380C.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4CA97CF9 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\4D253AEA Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\4DB52D0A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4DBB0103.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\4DE029D4 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\4E303F37.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\4F16175B.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4F2114BF.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\4FD57ED1.htm Infected: Trojan-Downloader.JS.Agent.g
C:\Program Files\Norton AntiVirus\Quarantine\4FD949AD.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4FEC24B8.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\51283843 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\51500F5C.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\51543958.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\51C411B2.htm Infected: Trojan.JS.Seeker
C:\Program Files\Norton AntiVirus\Quarantine\537B66CD.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\53A35EA2.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\53A74125 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\54F91729.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\552762F6.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\55455CD6.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\555204C8.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\556C54AB.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\565950EE.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\567B1A48.exe Infected: Trojan.Win32.LowZones.df
C:\Program Files\Norton AntiVirus\Quarantine\57E84FEE.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\57F10395.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\58452039.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\58847D84.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\58A30169.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58A42E5F.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\58A9065F.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\58AA0258.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58AD2C54.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\58B30454.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58B62E51.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\58B72A49.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\58BC024A.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\59015D83.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\59520B48 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\597165D2 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5A0C4367 Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\5A1D2F80.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\5ADC1D42.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5B3F6FCB Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\5C137B1C.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\5CA11DFF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5CB16FED.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\5EA00937.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\5F59622B.exe Infected: Trojan-Downloader.Win32.Small.aoa
C:\Program Files\Norton AntiVirus\Quarantine\604C2216.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\605319D6 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\60A97190.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\60AC1B8C.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\613643CB.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6145027A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\61B74A66.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\61C30D15.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\63480C90 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\63646369.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\63D613E0.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6401054F Infected: Trojan-Dropper.Java.Beyond.d
C:\Program Files\Norton AntiVirus\Quarantine\64707EA1.class Infected: Trojan.Java.ClassLoader.z
C:\Program Files\Norton AntiVirus\Quarantine\64D20E51 Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\650121D1 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\650C3619 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\65656D97 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\656E65C4.html Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\65895CDA Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\65CF2FCA.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\66222F48.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\66222F48.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\66222F48.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\671B6B26 Infected: Trojan-Proxy.Win32.Mitglieder.cy
C:\Program Files\Norton AntiVirus\Quarantine\6729527F.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\67414E5B.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\674E5768 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\67561594 Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\68145189 Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\697A2BD7 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\69817FD0 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\698753C9 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6A471345 Infected: Trojan.Java.Binny.a
C:\Program Files\Norton AntiVirus\Quarantine\6B0E7AAA.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6B951521.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\6BAF29D5.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6BBE7343 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6BCA25CC.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6C1F4D74 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\6DE622C2.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6E150AF3.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6E2948D8 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6F0E63D8.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6F1E4289.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6FA96E82.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\6FB36C77.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6FBC6A6C.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\6FF64C22.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\70101C05.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\70101C05.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\70316BC9.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7078546F.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\70B63F4A Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\70BA6946 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\72726E32.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/web.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\73623B72.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\736E6C41.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\73827705.exe Infected: Trojan.Win32.Agent.ay
C:\Program Files\Norton AntiVirus\Quarantine\744A546A.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\74771CC6.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\75370916.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\75AC3C2F Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\760114F7 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\76322AC3.php Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\771426D4.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\77657195.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\77657195.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\77657195.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\77A36D30 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\77CE713C.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\78802D79 Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\79C15431 Infected: Trojan.Java.ClassLoader.z
C:\Program Files\Norton AntiVirus\Quarantine\7A6C489F.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\7A7A23F5.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7A7A23F5.zip/web.exe Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\7A7A23F5.zip Infected: Trojan-Dropper.Win32.Small.ja
C:\Program Files\Norton AntiVirus\Quarantine\7AB13A53.exe Infected: Trojan-Downloader.Win32.Agent.lq
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/counter.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7B7F502B.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7BED53F6.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7C4E4A5D.zip/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7C4E4A5D.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7C7B221D.dll Infected: Trojan-Downloader.Win32.Delf.zu
C:\Program Files\Norton AntiVirus\Quarantine\7D376713.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\7D8656FA Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\7DBE7D5D.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\7E022A31.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\7F3108E8 Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\7FCF4E5D.class Infected: Trojan.Java.ClassLoader.d
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP12\A0013861.exe Infected: IM-Worm.Win32.Chiem.a
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP13\A0014026.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP25\A0034632.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP25\A0035682.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP25\A0035737.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP26\A0035823.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP26\A0035896.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP26\A0036885.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0037875.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0038883.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0039885.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP27\A0039939.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0040942.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0041025.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0042081.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0043075.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0044096.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP28\A0045159.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP30\A0047277.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP35\A0058986.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP35\A0062921.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP36\A0063392.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP41\A0064501.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP43\A0064810.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0080478.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0081478.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0082477.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0083478.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0083523.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0083537.exe Infected: Trojan-Downloader.Win32.Zlob.dr
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP56\A0083542.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP57\A0083642.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP57\A0084645.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP58\A0084905.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP58\A0086929.exe Infected: Trojan-Downloader.Win32.Zlob.eo
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP58\A0086930.tlb Infected: Trojan-Downloader.Win32.Zlob.eo
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP58\A0087911.tlb Infected: Trojan-Downloader.Win32.Zlob.eq
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP58\A0087925.exe Infected: Trojan-Downloader.Win32.Zlob.eq
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP59\A0088913.tlb Infected: Trojan-Downloader.Win32.Zlob.eq
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP59\A0088928.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP59\A0088961.tlb Infected: Trojan-Downloader.Win32.Zlob.eq
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP59\A0088973.tlb Infected: Trojan-Downloader.Win32.Zlob.eq
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP59\A0088989.exe Infected: Trojan-Downloader.Win32.Zlob.eq
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP59\A0088993.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP60\A0089016.tlb Infected: Trojan-Downloader.Win32.Zlob.es
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP60\A0089019.exe Infected: Trojan-Downloader.Win32.Zlob.es
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP60\A0089030.tlb Infected: Trojan-Downloader.Win32.Zlob.es
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP60\A0089034.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090326.tlb Infected: Trojan-Downloader.Win32.Zlob.eu
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090336.tlb Infected: Trojan-Downloader.Win32.Zlob.eu
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090378.tlb Infected: Trojan-Downloader.Win32.Zlob.eu
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090414.tlb Infected: Trojan-Downloader.Win32.Zlob.eu
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090440.dll Infected: Trojan.Win32.Agent.ic
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090452.exe/setup.zip/1 Infected: IM-Worm.Win32.Chiem.a
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090452.exe/setup.zip/3 Infected: Trojan.Win32.Starter.e
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090452.exe/setup.zip Infected: Trojan.Win32.Starter.e
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090452.exe Infected: Trojan.Win32.Starter.e
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090457.exe Infected: Trojan-Downloader.Win32.Zlob.eu
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090500.tlb Infected: Trojan-Downloader.Win32.Zlob.eu
C:\WINDOWS\system32\DrPMon.dll_tobedeleted Infected: Trojan.Win32.Agent.ic
C:\WINDOWS\system32\ldAC0E.tmp Infected: Trojan-Downloader.Win32.Zlob.em
Scan process completed.

Posted By : JSntgvr - 1-17-2006 12:24
Download Cleanup from Here:

www.stevengould.org/downloads/cleanup/CleanUp40.exe

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET

Run Hijackthis. Place a checkmark on the following line and click on Fix Checked:

O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)

Boot the computer in Safe Mode

Open Windows Explorer. Navigate to and Delete the following folder:

C:\Documents and Settings\Big Stephen\My Documents\LimeWire

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.

C:\WINDOWS\system32\DrPMon.dll
C:\WINDOWS\system32\ldAC0E.tmp

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

Exit the Killbox.

* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once it's done, close the program.

Restart the computer

Clear Norton's Quarantine.

You will need to turn Off System Restore to flush out the infected restore points, then turn it back On.

To turn off Windows XP System Restore:

Note: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply. The following message appears:
As noted in the message, this will delete all existing restore points. Click Yes to do this.
Click OK.


To turn On Windows XP System Restore:

Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Clear the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply, and then click OK.

System Restore will create regular backups of selected system files and program files.

Create a restore point of your own.

Restart the computer.

How is the computer doing Now?
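
The steps in the post above treat detections differently depending on where the file sits: copies already in Norton's Quarantine are cleared from there, copies inside System Restore points are flushed by turning System Restore off and on, and only files still in place on disk are deleted by hand. The following is an added example, not part of the thread or of any tool mentioned in it, that sorts scan-log lines into those three groups; the function names and the grouping labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\466000FD.zip Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4BD23955.htm Suspicious: Exploit.HTML.Mht
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090452.exe/setup.zip/1 Infected: IM-Worm.Win32.Chiem.a
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP61\A0090452.exe Infected: Trojan.Win32.Starter.e
C:\System Volume Information\_restore{3231B934-68BC-45FC-922C-44EF4BD29559}\RP12\A0013861.exe Infected: IM-Worm.Win32.Chiem.a
C:\WINDOWS\system32\DrPMon.dll_tobedeleted Infected: Trojan.Win32.Agent.ic
C:\WINDOWS\system32\ldAC0E.tmp Infected: Trojan-Downloader.Win32.Zlob.em
Scan process completed.
"""

# "<path> Infected: <name>" or "<path> Suspicious: <name>"; paths contain spaces,
# so the path is matched lazily up to the verdict keyword.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<name>\S+)\s*$"
)
# Files saved by System Restore live under _restore{GUID}\RPnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)
QUARANTINE_MARK = "\\norton antivirus\\quarantine\\"


def parse_line(line):
    """Return a record for one detection line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    full_path = m.group("path")
    # The scanner reports archive members as "<file>/<member>"; the file on
    # disk that has to be dealt with is the part before the first "/".
    container = full_path.split("/", 1)[0]
    return {
        "container": container,
        "verdict": m.group("verdict"),
        "name": m.group("name"),
    }


def classify(container):
    """Map a file path to (group, restore_point_or_None)."""
    if QUARANTINE_MARK in container.lower():
        return "quarantine", None
    m = RESTORE_RE.search(container)
    if m:
        return "restore_point", m.group(1).upper()
    return "live", None


def triage(log_text):
    """Group detections by where the file sits, one entry per file on disk."""
    groups = {
        "quarantine": defaultdict(set),
        "restore_point": defaultdict(set),
        "live": defaultdict(set),
    }
    restore_points = set()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # banner or footer lines, not detections
            continue
        group, rp = classify(rec["container"])
        groups[group][rec["container"]].add(rec["name"])
        if rp:
            restore_points.add(rp)
    result = {
        g: {path: sorted(names) for path, names in files.items()}
        for g, files in groups.items()
    }
    result["restore_points"] = sorted(restore_points, key=lambda r: int(r[2:]))
    result["unparsed"] = unparsed
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("Already in quarantine :", len(summary["quarantine"]), "file(s)")
    print("Inside restore points :", len(summary["restore_point"]),
          "file(s) in", ", ".join(summary["restore_points"]))
    print("Still in place on disk:")
    for path, names in summary["live"].items():
        print("   ", path, "->", ", ".join(names))
```

Run over the full log, the short "still in place on disk" list is the part that needs hands-on removal; the other two groups are handled in bulk by clearing the quarantine and flushing the restore points.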

Posted By : klas - 1-17-2006 10:57
Hi, just going through the last batch of instructions and have hit a very basic problem: I am being asked to "Open Windows Explorer". Where do I find this?
Also, do you want me to remove LimeWire? It's just that my children use this quite a lot.
The computer is working much better, but I am still having problems trying to open documents sent by e-mail, such as Adobe and some Word documents. Would this adware problem be causing this?

Posted By : klas - 1-17-2006 11:22
Hi, I have managed to find the files you were talking about; there would appear to be 8 files found (but I can't seem to copy them to describe them to you). Must all these files be deleted? As mentioned above, my children would use this system quite a lot.


Thanks



Post Edited (klas) : 1/17/2006 9:48:27 PM GMT


Posted By : JSntgvr - 1-17-2006 3:32
If those are the porn files, by all means. Limewire is a Peer to Peer program. It opens the computer to all types of malware. But I can only suggest.

What type of problems are you having with Acrobat and Word documents? It could be a bad file association.

Look for a Word document (usually has a .doc extension). Once found, while holding down the Shift key, right-click on the file and select "Open With"->Choose program. Select Word from the list of programs and put a checkmark on the box labeled "Always use the selected program to open ....", click Ok.

Perform the same action with a .pdf document for Adobe.

To open Windows Explorer go to Start->All Programs->Accessories->Windows Explorer.

Posted By : klas - 1-17-2006 5:25
Hi JSntgvr, you are my hero, everything seems to be running great. I never believed that I would get the system running correctly again. I will try your advice concerning Word and Adobe; would you mind if I got back to you if this doesn't work?



Post Edited (klas) : 1/17/2006 9:46:06 PM GMT


Posted By : klas - 1-17-2006 5:32
Hi, it's me again. I have just opened a Word document from the net and have come across the following. A similar thing happens when I try to open an Adobe document. Can you help?
BùPwh8Ä‹!̧ŠSú[1];
?(¯´æiqÓ_½ààˆÖ|@ç

Post Edited (klas) : 1/17/2006 9:49:34 PM GMT


Posted By : klas - 1-17-2006 5:48
Hi, I managed to follow your instructions since my last reply, and after opening with Windows this happens. Can you help?

(tm)ã(c)"´ôè±3/4@f*-<œ9˜£yê4C*Ôá(c)
p(r)-s¯Ïä3;Öí[éls˜I\zÌD-y;*¸}ñQ‡4<éõšU5Œ•šùý13/4"¥N+÷ûýé1/4`ãó€<˜§á6ÞJzA~^çž"
¨ 4Xs6 ­uz 4£(c)61/4Öæð ÂM=u|0ÁÕÊ0<5º§&Xs[çèn³2\ˆÊ 3/4ð Yuåþ +Ò€%*, "ûÊ(r) ës[
ÓƒåŽÎcïæ " fxº"𵂠<€(c)Uk¦ ëÓ¹i‰•Õ- £º$l<N Ê1/4ŠÑŸô2m9v]3Îq< ÐO ¿- Œp¢rìç"EzuoÀ01/4ºæ5 F°µ£±J×ìº ª¨0fy <ëh÷jíØÒä01/2Í~Ó-¨C)ëÞ² ïXß-
g¢¿":º"*ؤذâÃÛa-ðD¤`-‹JŸScE÷ù 'ŸEW2ÝYZ†Ä†[Âg Q›¥£Ú'nõ¸#¤ÓiYgSk(tm)¨âŠÙ8Æ×Y×D•£E" ¸ø< -¤­KÒk1/4%iì'tw è<Ëæð;·- "ÛýïiOMöÔ•šHý qm§ÜLvû¤ƒü 9¤EŹø¦ 7Ó\L p | ;tÓî2m3/46Çp¿fOd °Noœ^1f‚Oó ÝVÐɉìÔ² 6u=XgD(r)'eôŸÍ­ ×¥pËbùJ7±Æ " ØhølàÇiØMïy§Ãi$êIÚÍ þN"ïÐ_çO2ÚÝÄðð Æ4ži")ÓJX˜Ï¯
VD´ˆâ8"‹²žQ¤ ...¢LŒf^Á¤í
‹ Ί
‰ÎÄ ÎÀÍ/6ZO. ‚Ä£œå²ë·F)(Ëâ ‹Œj³Åh±·ÄÞ Ëá¸P!ù1ÝU Åq...çíìÏ­oowïלáì=ßÙçóÚÞóÏgãËÝ 0?E`c š"I0¿ ˜´€ù1%jS¡¨
Š µRT'¨* U"mAÂ*i"€HCÒ6T¢-Q -)(r)‚D* xÜ*g ¡*1/21/2(tm){ónwæÍûÞ{ß, tÁ ¨`•2ãiË*'âX±ÓjM RÀy¹ú${; /³ p@øýý"|üž...§œ}=O7‰òì³í N ‰ ºlÉ[qnBxè<ONZ´ˆ§î!º ß (RÂÈ;%{s'eŽeÒX WÌdŒ³b|ÑMùKù lb`ü ·Èi¸Ú^BD
÷2 ;£v­äª(tm)Q9mTà * +äêH(8ê×5%à
Ts‚Ì+¸Ž­¸õœ2ª...ª Â뎢 úè6äçü~- np" ªQâÈ 7Ðé$‡¹p8jG!... çó 6ø<nÇl|Øm(tm)(tm)ÌuôSÉ‹ÖOФ˜/-ò3/4ÎN܎YÙi9 ng¿~
?ãNwîQ ¢4 ŒÒ˜7ëf£å-¡ § øŸ¨± -‚Æ~µê+ÙÊ(r)dãðX" Kûoõ÷ßZñïñ›Œ- Ž-d§o°Á §Ý€ù7` {Ãi×Ù›Näf‡ù‹b 1Išt‚ç
‰O1/4`§4=§3/4‚ 4BÚ×èKÇ cébeª1cÚéEÙ'õ3/4ªÞºuUë£ÃÑíé'6ôôÄ5{§æÜ v1/2M íÏøžnxºisû†­MûÚå°¯(c)¡ˆrMsÌŠ #= (tm) ‰ÑÄi­ jršT#
Iû$^êõ€Ç#JÔ{ZΉÕ^"ë²!÷Ê?-ÏÉ¢œ¨(r)-›" (c)µe=W"(µ ÎÔ 2¯ìÉ Ò¥uÕtq(c)šçà ž‚"l(tm)ύ90˜c>ôºe:x`
;L±JÄÇ*ápRJ{ñ¦RkÊ4K`š % $oÌ[Ox3ÕPéM´ ~³mí¹l&è(b¨ VV dU BÐVŸð €¿8*Püå7=Ëî.2R÷FV.z¹#W1/4íØª› cÁϞ[ñá...ñ1/2 })Ø3oqñ 8±ìPGçB' ‚µÐ-€Úš% Cþv"å"ë ý1tóïÔšÎ(r)5·‰Ìß| ÈgBGÖì`Ñ´­M ±‹ ä(tm)‰OåFá_ÄM4Œý
YH~b?")-ÏFU
¨ªƒî'wøw...ù-³EÚC1ÅkÏÊœ¦ ­Gµ5^£ªkæÙTØvbzîYE\1UNQíã$¤‡ì
...ڎ+ªHtÐõEö"аãf ×0Í8ÒpœˆŽ*+ôœˆ?VÎW'ð1ØËÙ;Y0 (c)X,M
èãýB‹¹ïÛèäXm=z4"
ÕAT~tìx³ bµ

è\ts&ݞ+ÀÿÓÓKþÃ'W¯}ôÉ *>¸ÃîR...~㿚/÷"u}fsªÝ").ŸÖÕÒ<SW=Â"_¥å•"·?ÿâ‹Û·?ºga9ûrj ‹‹ bø‰ [ò_ëoˆÕÅãÆ ã¿BédÖò‰OÅÝÂç¤ _9{Ém{‰Ìñ OBž£u¸`¤¦!h7qV¢Éh1¦9=‰ž9‹" Ë n¢ "SOÍݝ [ÝnÇæ×/"[ØV'Ù³@KBre÷Ğn:ËɺuªžëH'ÕYÝsê )N&UÜâŒPA\Z_O§5@ƒOKZɞä '|2íï5ÀÐIŠp6ÞÍ"‚_ížÃñ0 ûð5"
ÐK .`$(c)Ëp¨o~ å BVF ³ÃÁÕ Æ1/2åÁØTyFF@嘉* · ¥$$Tˆ q'Y
{˜8 ˁ,8(tm)]àNIòÿÂZÀ-ÄG w³ÙßÙxu'cìOV}l Ùœ]U5£-ßqá{Ã'":›n$ö(r)†j(yU-›"Á/L ú[<Z1/4Ò7£gnªõ Ûª'šãñ•Í...o/Ÿ?ñ~ÿHÚšWU;"!ñõÇfd[g¥ ‡"›6çú
v
-Jî2[7Xì ¿%]ðê.-×"Ov­ŸÙ4øào°§rãÌÇŸ2
#‚n ¦ça´Ìrq[C ]@ßé˜ 'i(tm)Ê" Å
T¦1k'Ä`ô!y œa
¤}8Ãt2ÇN(c) Ê Òpó /8 Õ TÒÊì3/4•ðx :¡K†"'¨" Lƒ...
¡À ¢èïz.Ûæs|
¢{E. ð¡'+i;¸ü@ÚÊæšR/õÃÐ'W‹ù...

ùÃ1/2lpíå=ß‚i‡_ehו
' gF†Ù_Ž gŸìxkžcg Ú(tm))Û9÷Í HJ ƒð Ú':Á8eèN Ô b04imß"µ¯H 9Å·l(ºÂ4'-
p
øÑ,ÚÙîËqN‰ÍFÑΐf²VúÀrv°÷HWaÁÂ|ñÕ%0ÔÿRª)Çå ³›Ûö\^ (tm)wnx BǏAíðÈ(tm) '
Wv
±;Ž¥Ïs ~3Zê%¯ÿÂk(ZÎå˜X‰Âv²]Ú-ïÖy(r) ‰Dp:õôÄåSø‹
~Ù(r)E D­Â­º1/4 žXŠ| Ïñ š 1/4 ^CvON w Y'ˆWMå(/¸EÅc"µœÇ#1/2¦+†Ò"PÅ*]GîÁ ßéìôbAtv)9§ d£ò‰Æ4§ØFªóÇüB¢ r ÍкJß1/4ž]p_ Ùë` ûé ´ŠçEh[ÏÞ ¥#³cÐ÷"£ï1/2ô XÊN\:ú-îù7$ \ Tä ӞFß þ×(r)w+4t<YS ? ÖH=<ðV)}<Lý:Áâ}x aw F.¸8Â錇X -0" &î³ïs-ð"ÆyË B'nÙ2ò.÷
ý-,üW[ÁQ šqªÈ çÔ "èwÆp S†˜Ÿka?þø xq\àî; ωxØ›sEl Þ✠W& -Ç!' kXc"ÖQa|#w˜ ÿCv¹Ç´uÝqüžs¯¯Ø3/4~1¹~`À °c ÆÆà 0` - B( B-M³1/4Ó¤$J›dy,K-ªSÒ*KÖNÚ´uS (c)+ÁIÚu""h uêCM›v]¤nÝJÓ*ý# ø²ß¹6"nH3/4× W÷œó{|¿ŸÊ#(tm)ý \3/4'v'?§€3/!(c)Ér š
fIÀ
²‚3/4 / x
Q{ÄkôçRÆ s"F4...P-¦MЪÐT>$ VþÇëpÏ‹ìäËÿÐ •ȉèÏÓ ÅÏp'kzðKù*B¹sŸ1·d÷(3å¦'‚ÅšŠ - ö h v¦ªÙfv K³*·SB ­"*-ÎÃ{p¡" èk CXMäA *
>98=ß `†
L"3Ï Ó ƒFêuy ‰Ì­†Dâö...ó·›
õ­-¿ðò͉zñÄÀ ›×Ù1/4y
þâ÷â'k׎ŽŽŽ þ­ (ltíØº ñ¯W'éÓOÅŠ_ß1/2
ñ(tm) ?'{ è¡EðÉ&XVMkéI¤¸ÿ"!-9(?ÄL­ ÷ WИÓóz` 1/2
* ä>4
úI3/4âé \6þzgµäÊaøÆœ›-EQñFóqo šA-(" Úxß`Ê_ ›ñÃ*gaw€` Ô³Bž[ µi-YWÈ{´}ù öMÌSV•irî
Ò¢ÜäÜÏ"bP Ê µê
v"ߺÁú¤Un0ä\ÉÃ~¨<>... Ãü6-ó$Þf @Ã6عCáä
8.ÎÅ"p&Ë:'e ÷,"ø‰~NG2""q ej ë*Î8"Ü­¯)
9˜k9(tm);3WNÞéÙ2²kd*"4ØãH1/2)'~ÿéÕ¯ ã'ïïúª¯(r)Ù¸Õ-g
¨QsaüË÷¤Ÿë?Iœc TÎ$PB uQ°-kŠ|ÅõÁXSlU]÷Ò±ÚÑÆµªò*8"šè ܃ ¡
*Ha†1/27Ô['‡mÈf"b" ( ð^(c)‚
(c)TÜ Vå àùœ ¸¸1/2Q µú &gÀZe" k¢š¹f3/4 ç(³ð¦"z̺ü4¤"
*3/4
¸I )ÙéHd^²¤ó"ò$hœ °jÉÁ}H¿øçâ°-8?çBÄL(r)ììzïÅWÿÝYÔ}g æ Ïå GCB]bGiiE _4ì
ï¨)["Çw ÙñïO5··?¿·z,PQ‡¦ü6-oŠ ¡¦ªv£ÃÒÖÔØªÓ3ˆU Œ‰hEDgP ˜t!
Š;ë+ËýÏ
üM"(ö•ŒÃÑ+æf(tm)¯`NTQ jP få&-•"Y¹R"BDñ‡˜ƒ
üÑršöËãò ùfù¸\FÉÕ še "'hŽ` gGˆã8žÃ VÐçI ,5r(4
"DD,N ó†> !: Ð]‡îvK‚
ê ‚+óÕMñlz;>ŒvßLÿI<† Ä-ÊòèáÙ3hF"A¥ì...J¹
{(r)¤ö *E9 d‚¦ "0
j{+ š-H´Â EátÚS^/ëI¹h(c) ôP
n ï r´a-ÙévIéw€ R .À 3f;A(tm)é ÛA‡üó(c)‡ÝÃÀ" Š29
‡-ơ劣äY:Tî<â1W"º:?8ÿ‹{.[K¤zKSô¨*Ðås‡NWuŸ‹8èÛéc...˜7O´ô>†-ìº'líDa jÖ•æåZíÅ...Ë ª-›]Æ ŽNˆ€i_E8EÔv "ñ(r)lšrQQj\ˆ(c)ÕZ‹]Í[ÊrüêrËêœ ò Uª º|'²ëìØn§9£Ñœêç ‡k/×Ð- ùª>

Å Aæ" rŒ‹ñ1\ tJáÈ1p¤ƒ I-¤¨2ÄAê ˆ a\ å\PçLq"yÄa> hqpLì Ë2ïŠï‹³‡þÐÚ"ºgh ßl{Þj-ØÛqñÍ1/4³C+N...; ÄN;_ätöøK-) (r)‚&Oa
šù-øÎò>¤{ã:
ìÞzÀÈŠiœ"¿ñ×ú1/4uo‰'Šzû'Ùl¹&NUé~ú'¥
[!qÌÝ (r)× vXjà"æw!c~ ¦S2 +À ×Q ¯"zˆ‰-M
PŠŽ l•‚qBÁ+0"­ &S)>ÄÂGê H.­,Ø$1I"ú×ÒGÅaüb:Ê´2¿šy"(tm)D 2 Åç>a>"ݧ<T ÕB1/2$ŒÉü¹þR­¿v‰£>Üèè ÷0CÚþðPl\¿Û(r)
TV ...ÊD°ßÒS9 î[:\ùxxWåÁðSušº°Æ dYïå
dÁK/³ªÕ(r)õÔ&õ&ãz^VìàË FÎÈ" uµ#ë1/2Äà"\'Oâ ‡ä1/2ºÅÞ
ÊçŸöO €| -Ò</t(tm) ¦úÿç P3$ùC&Ádr'²^"/(tm)&a>ìjoÿèÔ(tm)¿%[ §Ž-Þ˜L&Þ9ôƒ?6&'ãüCqÛº3/4î±zÁÖ!" ñ
ëí[ÊJê<a_nw" Ÿ
ÿ< K4×Õ1/2Ôÿô+ V˜ØÖ}:R³´.°ääÊÇ ecS¸´} ; kãµ...ù¡¡ôÎ%Ú2CÉÎæû&s éšÄÜ]f ¥ ˜|"Т£uz'vÐ
}Þ‰å&wÝ$gæÍØlfý-#î67vc•J›êe "ê·#¥ÉëTÚ³ÎÑÈ5ò¸Úi' ä
a{6‚P
Ð"¤YàF"¸¨W°œe3/4ë áÅQ] ›ÿ 3 WÕ0 " ‡Å"nyÁb*m h;3/4$"P¯8±3/4ãT´cuW[ò/Ï º•ìyT|Öë)XZìŒÛ
Š<
Gw°ßJÓ±7ÅëÛwŽ äÈ£u""•
V{}±7Îìz"-ÙÝ1/4Wüöè3/4óå
›ÕißÖ" ´YóÌê / È {˜Q¨Z9U*XÐ -±S2...NéPb9u‰¥
9 $-êfú!Pc !PòÁ*щ(tm)óÀ¢˜ò Cd߸<EɁ¢
ÐlìÛò) y1/2ôj†à´...à4 ûk 6òԥ‡"M"r "h%‹ØdQ#ÁliÑzÂÚdÕtq-·_§´²"Ì Ð/ ÊX ÃÖR ` '12-(c)¥±‰¦ñ>´
ch•o ´
­& š'±@{"Äô )QþPÆ ŽUú àfǘÊ|é‹
U#1/2 ÉRÿ(tm)•1³
èÃZœû1Î ¿ O‹ÿ%1/4Úƒ¢ºÎø=çÜs÷Þ""ìƒ} ËòØ aYp w--‹{U Aˆ
u | SDA
fÔ¤J 3±6ƎæÑ4QÚŒc5Ì8‰˜N&Í"iCÓhÛik:±"i &ÿ8&£ì¥ß¹, mg:˞{;÷{ý3/4ß÷û^‚Ø?G t"-µØó 1/2. è:† +hr,M"c°"†@ù‡ d'Ž<
óãìKD""i ö îSˆè- Q\É Vçq%âl q"'˜¯¤‚Ra€ë 0b 1•OYD"‚ø s¸
'` øQI,&
¢·-L'£S‡)1/2É"ȆzácKÞ...¸z_£Ð[9 ÿ_TÜös /§Ë~â§5¤†6'FÚ#÷˜ ²>ƒ­ŽAðBD1Ó ³ ÍVÅÁ; Ö (tm)Ø3-'öpÈ{Éã Þ' LeÉi²iä%Ï.
È(c))6k...3ÅÃÏØ"š!(r)Y­¦)5Ø,gøKgϳ<*d1/2-¹ Ũ:º¤<rfƒz¡òD¸bå3‰Ö÷ÊÝÊýï?s£vyz\íG'ùm[ÏWWu ÜAÍ&hÑ õ[;
PiVõ'HäÔÃ:ØÂ ýÓ.á ¨øUÜzî÷WÂþÊ ¦³?Wž"Ò*Š|U3/4ò² _]Ù(r)âíO " 3/4' =e¹p¹Z(r)ýĉœ§ÜÈÝÎóí×6éßÑc1/2S¿²º1/4<t­ºðÚJÜVºŸÃ4‹Õ/³±Ä1/2t§ Y ËQ¹Å]N"1/4
0'çç
pá¸NS§Ò‰M9A¸áKý]JBÁÊèô[-áÿ
¤m2>"9?£ü8ôS "­ÖN(tm)!_¥õØd\"Ì$R#±<àtÝ W¤Â z\ðÎ"-=žÿˆNàçE{pf< ·š"Ô
Sf(Ç
7-
*j"ÊO*(Ý(r)¿þÐ]°3/4¹åÖáþO;Úon[óçý­(r)ýÖÛ;/(c) {Ÿ>x$Ñ‹‚# QÑî1/2"{|u%›wÛ nÂ/ŸPÿ´aµ5Wo4Ô*Ko|"ïýºXCØUƒ¦þ¸ü-ñ7î¯m}ª³£}ê•×ÕöuÙ
>³Û†3/4Ó‡j? EK÷ï;~('P?R- oìé#/œ xpú ÇÑ# t (tm)Ï*•×¥ßIøº" "~‚"' ´]X/ òût'$É"åÓ¡%YÐY` Ñ>Ð ¹lö208 øÃAЦ'Œ€W2 (r)E n×øÆ`2ä b†fЁš
ˆ
ÌÔŠ‹ù£1­.Œî MÍɱ±1í ÇPœ‹Ç1/2Lw< o Ð×è,úZ Š"%qtûìY:ñ €‚ê'x)º"ځÎADË ";-Ï...¸ Ji"1/2Ç~ X-%‹"²QvÎ IiX'ö˜úMØa³-ÄLÍ&l2é
ìZC¦K ÀZÄ É( ']bÓu‡Í÷gE#›}ÖªTKjƒ°ªj^M@Ïý‡zxtqJüWºµ3/4õã%GpÚ o7´4ïí:ù¦šWPXÐӝ èjò•z6VVzöw×Ù^JT‡ è×1/2oU,¯¤
Šü/nÜ{¡Ht_Fãù 3Q?äÓí
É?Ô­ ‰:Ì/p´1}¸bú
j‡3/4-å^SòxY.É(r)⚌²¦
%k1/2c]ö ß§?ä3zw ±YF§iT=:}U' x| L
(%pãTà s
±vô 'Ñh‹
‚ŒÀ]...¨°07² ,ÊÆ¢(tm)ýÉTQT 0 "À¦ É´"m‹`œi Œ2ÉÍ íŒÇgÖN¨;Íå,fn&}šàþ-L ²hJ²ÔKÀ_è¹ã...e¡
]kÂáõO=_SYß ­>UßðܢōY-ߞª•ƒnt 8}
ú(c)Íj
§"ç3Väæ-†bU ~¯ºrqYv޲@}-1/2Ìbw Û1  ‚Ò87 Sü Öv×61/4ÓÈ
ÄhÀŽˆHœ (ÂÞaß oÏQrZr° P'm3/4? 7ß‹§À Ÿ×G
üœ
šÀøÕá>õ"sê"ôÛóÈzàô õHÏÎÆŸõétÏü|õ†.üå'ê"ëWùéDQÓFõÆg§'- ‹S ¤²êq°
~ò'ÀO=ר"‰' Uh MÀا ADŠp"'( † §7 ïꍹFň(c)dãº
³ˆŽ‡´5h ÌeÁ%oîsŽ|•<ŽŸL3/4‹ Ò õŽú 3/4ßUïp)ëC`]âÖ*n b Æ.ÁX‡ C:'#
P i†' ZOé =2éƒp!˜BÂdÍ
qÍ‹9'М üPò Ž%o¨ß#ÿ௨_ªw'Œ°4tÿö ºó¹- ¯·ë"2 2Z, ޵YÛéN]-y"%A ë æ kÂe¦Ì
k ƒµktzD‰2X*Âá‰$1/4Èë•HÀØk 2ÂE ·"Ýa" 1/2^Á˜-Îq
•...( δ
Û
X­(tm)ç"!p90; ã-T ¤
ôs¨~ ÒfžA@Ó@ý[ԏΪ¯ª›Ð"h×µ ö¸z‚•§×týxé':$|a+*(c)·ñp[Q# ¸ mDoÖר¯Û›\¹‹¢K££ƒêÃo0FùÈ(tm)ª
=ªa"ª HPTÄ.1!ò¢He AT"°ë1š
Db£) °ƒ‹EcÑ"÷>4 zT=(c) õ$êGI'?Hî¡ ÉÛ8 m"µïˆfM aɇ "" E}§l# wjäo† h "1 V F^Ë'ÿÞbsò- M.†ÍbÈâ {^Kˆ (tm)úÛÍ›Äsó& º ¯NMU€5aúŸd epÅŠÃ v Øc"‚äpÈvÐ"(tm)J&' ZEàõì1/2 M³Ïmyó
J"...E -¯X5~|ë/-{J·4mÝípRõ"þ
º²ùb´V1¥¡EÖ †g›q JKeö² ë1¥¸ ! }¨ æ ²ÀŸÄ§%$ AƒH ‚e1/2,âTºõ£Ó¿RŒð˜$/±-V¯Ôˆa
+"5$y¤ B ñâþT9` çÍcü Múãü Ü'ýl,ú ÒiõÙH/"Qu×"Z‰þ‚.%'q|›*A•vã3ɦT¯- ß)ç"
z: ªŽy'¦y¡3é oCÝ CôÌ@žŒÍB€?4•
E‡'?\•Â-0
o2pï+04)'ÿ›îjâºÂ÷9Ï}?X{×±×oð‚wíÝõb°ãÁÆæåÚ1/4 ¤Æá ° dCÀ­y " V (c)@C£‚'þH 5ýAãˆF¢ •ª6 ¦R+¢ %"æ.!J+5x¯{îì:D4 ÍÜ Íì(r)îùÎw3/4ó ÚMº9'ËNcŒŒñs†²'(r)g ̍t€m3 ÌAz€í1
˜¦ièfÄ(4g› ÚÌ fÓ¢Ý[_b8ñ(c)_XMÐ}ø d
'
7¤Õ`a g-Ìb Ù S SMbUÓ
Tv¹]-k¹‹Êò~WšHŸºÅ 'Ä€Ó ÞPã× C % höJK± ÂÃåvˆ:.U^ Çă)ñ@œÃcx)^‚Çè­ì+dÿd% XJnçóÊÖ"Y...n`#Ñp Hy
[x1éT:Ô1/2XWìäÂægã¸Ú ,VÇÈ9UUǧF Ø~bÉðT) 3MÁDµ`Óª m•Úè1£:2'†x(tm) IˆF-hÌÛØøˆ 1Û"B v °ðSâLö·âmü|
¯a(r)‡_ð›" èSÒÁK­1/4Ë?ª-£mï!
ƒ "%ϱÀ(tm)1esWåR:ž{ '¯fÁ[>
Êeˆ
ëĪXœ¦†#ˆúaf±*I ¨a...Ýùþ=1Ý÷bù ƒôå 0Šð·šhh‚wÅKâ' #x ¯ÀËñËâ¥LmbxAû`ª±!žØ³ ußœDŠ|&N‹Íø
1/4 ÷ãób"8søJSsº(r)eÞÕÃ?1/4Üüdº±iÁE"ïß È"U¢.+šæéòvÞ^3/4› •)EiÃpDÒNêÐÖ¢~D 9ËçµÛSµ"Úª& #àØRõÈðM·¥‰¯]-œ1 tÛ"<ÖÓeDÖ'"z2(tm)ƒË¯‰£¤õà•ÎÕëÅHSMzÓªt8ýLyq›¯*B>÷ë-êÖP(,
ùÍxrî•£-=ސ*Z‰ÂŸðU.-Y OÛY+B)ô-å(c)
¤ [ "Ì1/2Îaï(r)€ê£&S sÉ΢WfÉiå]›| -Á-‚›rùt-\BQ` R KQQA}7˜jgP¯J"I}Z7‚Þn 2
ú
0 Ìáëop7X
dvÐÑ-s|jÊ3 ‡.'÷
-1/2 ´±G)VNQÕ ùÔ{=DÍ¥;‰ÿÏ4Åï4
úy&"aâšøñ4 nýžôuF¥(J¤þ‡ bÈí‚ ÷äj ~
÷äiqZüGŒvo_ qàû
.-{œ$Ó
y
ñ ´×j£n¿;åYèa
ã8nÂÍî%Ðg·ãmþ Ø Ø_ô¨á",h8xAJ¡ˆkÞ ÛYâ$N§‡Û$rØ$*-"j-•ü'ôÉMœ²jsÖÆ- ô=Ù@í-{¿92ÐÇüáC1Wl:"Ž'µûÆ"-?óÚÁ­±úò5Öþïum¯ª('eُùÍ'ºäëà þÒ‚OÌ]1í‰ IQ-Ôê%Sg÷ø=˜‚>x •L­·VJU}S.^#hÄx<è
ñ`<­´xæû
JæE"5ÉXC}"ÒíYæ[RÐQ²4ÚVÓ ë¨ÿ(r)£ÇÓ3cuÍêÄ
þ3/49{1/2"b" Erð" V'¨nd¢ Gy1/4˜è! šYçb(\\\-
"AŽ9×RÈ(.v ërž (SW-flfðDèRˆ"$_žL Œ Ø("î'ÒTÉAA> õÞ'› @ôb1/4 Úù
-oç6hp¦SHÚli´3/4É. [Dú.ˆì@Ù v ˆ>­nX×ÜyqÙÅS0 臱ú\éªû/ÕuÅÊ"+v-{µûìiñF¤µ
oÞÐçr{›ëçvx áæ?1/2‰iC­xgÑfWÀÓRÝØ ñF‹æ3/4öcñ...D
v x¥¢:"XÁiJ'æÖKtÂ{Ô é '_Ñ5K? "œQ1/4"1/2#åE i¿...ÇÅbv (r)˸HÜÉuÝà Þ[à1/2¨Ýr
!ìbÒÝ Î€ËöցPÆåò[~œ€ Œõì6#Ì- O†IHs-Û.Ù&@ F­Bp؁ 4C-D3/4 Š÷ñÐîC‡ñø] .Ã!úî䆳gNž§ç'-Š ñ7h ŸCå
ÁN tÄZÉ@f-NaâP|°MÎü`ù '5¤Rz¢ÍÄÕ¤
w F05 §a ¤1TAç£ íDmt=ZE_@ÏÒ}èEê9' +ÑÜÚ Ðxn8è...Î'ê6DÙ"piWQ/to
-œ $ö " á...x!¿ùU zŸ›>è ÿE¤gÁÄê‡(tm)È £ô6¹Áné L'n ݺe '#ì¸>bÈW·õ †S× 3L‚,
 RŪԘVaÎtÌ#)6_O ݤ•}Go5Ö'çµ~ `ãÇÉËì-ýMã °37f¨4]
­i˜ÄᇝhºÆT¿Â
"1/4 Çx
Ïçíx)×4
~ éŠôŒ¨X*ôøÔ'V'ü1bJ ÀMiBI pSŒ<V¿²¡r)ñ H±œil‚b'>G¢¤ÙŽQ~@åìØiãeJÈ"òÔ"bTôÝÿLô‰Q|è_á 'þ*±£?(tm)ì
ü
é?ä N} y?b"ߏ. "pCF"(c)z n "
m'A5M•< < †x'|¢›È4
N(tm)+œ)X7(1/2Îô c:Fªz]vª`Í@"­ck ¤+¢ªÎ #!#"
àpæ±DT‡ c:ø1/4}µM4Q OƧ'IÙ†|ÒûµôJ(FymltÿµÑÚ ûCó\Ó3/4eE€ß,K6É ó#¢K|"> Ïñ(c)Hà_b
ö㟉9ø-¨$ÿ$ŸŠ ü›ìlÀf ° l4ôSk8¡v¨O(c)›Õï"\UTÍ
{U ?@ 7̃=, Ì [‹7âMl ï`N¤2 t8¥šÛH ...œó Šð
ãi4ŸCÎù ô4ߎ6óýh'‡†ƒp€{X"%Ø% ‡¡Ûz'"^
C(
á÷>^)ö´ µ2˜ âhö_øm˜ Á{L3/4ž=IzèPö- jØf ¨ØŸm§;`ù›hJë¤
5-¤óµ6º
<>õŽU*5µœìTM"Nè¹(r)þØ&Î3|ßwwöÏöùb;>Ÿcǎϱ ã88?œ4 _~@š H %lΏ A0 ʯ2 Si¡¨¨Ýè6¡Ò,h'AËÔÁºQ!ÖÑ ¦ ¡A§Ži£eLë (c):)Û _ö~g‡Âþqî¢Äßû3/4Ïó=ïó¸ dÌA°0Ó
,Íó´(tm) dã­i³(tm)8[†áp²(r)ˆP!íÍ(tm)|s (tm)...µ ö,1å...LÃ\¿¿
ŸÎïbVæñ
¢ D
l$õÔwÓŠÉe¨Ì^ÀÈt "h Öy'¢!¢œB†úYÓÈX$ÙºáV` ðõn'þ"ü 1/4]?-è"ÍÇï}Ù
ßûþ>"‚ï¥(c)NÍ  Q4Ý" ´ Oˆ'‰oî3ƒ... •à ] .'ŽÊ$'
eÉ-cRú§ùwP...þ3/4y
œpHߍïÏWÎ\0#ºXù(c)‡¥³TNæ5óUå
PwC ßρªÏCõ"ï±-î'‰œÆSì-C•GµV(tm)±P2ÄÓ&
΂ Bƒü6 £ † d!¹²"¡ûè z‚Ž¥ÉÚ"\¢ ˜ @ Ç‚Îf
1/2pû -à§l<(r)Èݨcoé-õWô·õ+Xú OcoþôB²ô7ÙØ\
:'Ρó úÁDœ¨d± 6öåeIó
Œ×
‡ÇLGào+~EaP30 dÖ0€³v2b`
¤Qò ÿ F!:ö¹~ -cit˜¸¸ÔÜmf9s ²h‚Ú"¹pµ³z-"Ö"(tm)ÝìÝÎm"ØQÍW3/47÷§³ºPk ¡cÚj Ó댕"IuR}EeT5˜‰1 Î'qZüTBY0' "¨ÔÁ
i1R-Á'ˆY)ÍÕ€ñ...'D(tm)O¥ †/! .
m q ŒLà6ö(c)Çx ÜPߘnTÓàNˆ K‹Q]qK!üï¡-
5u" jF£jsmrhÅ >\?<‚¸c‡ />Ù ¨ÿl',_^ÿ)ŠÜåmNG[c_Kõ‹ZÙ#_>ïG‰ ÕbÊv%ÂH "~ó"< "88w-¹
X[)?Õ¡%ëÙzk1/21/2ƒí°vØØÕeãe"Üd‰@·û˜Räæ,šÃBùl[Ëe³Sqo m Ã[&cÄœBÍ'áÌ#
ŠØy3¹˜ÐCª"þÖøæd6 î
OîCãú W ÷. õŸ£áåS›.}"Ÿxë"@þ vË[ïè³úÙÊX"É•¿ÙÞ¯_ ¦Ö f2ó UMmÐ<UN5Ôâ
uÒ}ü2ï ­
؉§ áÁ¡

feT Ÿ¯ªê×(^,1/4óAx_ øL¹¸cvÆP Ã2ƍ Ã,²F !PÒK
oX ´H`""
Èðé-þ¹jpxüéÁ¿;ûëá"{'Z9ÚrðÕמk_¯†S%‰@_UÝP`iw÷_ø"ÛÝK;âIý†"ÖåöŸ?ñ³" ·;Q¢ß°U v iœû"9 ˆ"Ra@$Ñbkñ÷Øzü9' (r) BÒäÃMùÚ$ q¡vÎâò ...šˆ |BN ( ù‡LË }T 9 (r)ÀÒWÍ"ôH/Ì }ºâéPuóÅOz: 1/2=fë24O+ƒý" Ö
ï(Ó . $0Ë"¯è^ ‰¢¿Ý¯ÀQ›tæÄÉï"P5Aç(s S"Ú¨...#z[ îcÚl ê3x›SHÙ'VA * ›˜) ÉD òSóµ'e ðñzË ËÖ¨ E A¡s•"aY€¨hé¡#
-‡
·DwÈðꏣâ,xyü¡þ~ ¢Y ˆÉ#(c)&±"kÑÎ...ñnO$Þµ¸ùY?=~ü S Õ"/,ê'õ"z~ï¦òrŸ¯Ô¹@ÒoI~Q"ð' Û÷l"šé¦(zÐ djHk ÔÜ"`Ïp kãDJTÊ(c) _Ëk1/4‰ç);ÇQ¢X.&EZ"DŠ Êî°íSö3vÖ
í 9H¦'Æ
†Ý
[ ,}'ˆ-Q1/2 ;G
7Ô rô ϵªrórTªÿWŸ>räã¿ô<_ËZMÎÞoò³ 3/4GOÌ-_1/2*ðDå õ!æ Ü 'j¦rÚÊVÓ2"æìPsøYÿž@(r)'""˜ÈVœ-Éí Ék3Ë´Õ3ö¸Ù¡ •Z%§\SXE µ•ÚÒTLqL´h^äõš}5¹'
â6/mFÞ*'Žä‡ü* úL qƒøõ X‹Ðÿ13 ¢#JOåþI§â](tm)I~
ZÛÛ{ó...Ü•§ª".5ÞÚ È-?î¿9ÓÝøÌÈê ›lh ²XÞêxãh÷†he4øÛã7 -NûÈk'-‚=R -yÒ]Ÿ T<ÿǧº-/ˆ¤ Ž "iã¦5k*v9]õ-%-œ›uظN'cGÈÆ'"%ÊÈ!(-ž ‰Üµf
AïÀw Ò 1/2y+u3Óú" -t6Çפôi41/4úu§ÎáDç¡`e( ~ptízwÿŸ¯ J{¡"Ï
ï`¦Z4-I (Lí,‹YÄ1¯³#"‚
-՞Fˆç ³Vðtq‡ÌÎ Ò$g@² 'P *@wȁ ýe´Y7...$`ÂÜ)} Á %Ðë€- 'a79ÈÝî‚4*±`µÚh %õIXJš3æ>3mv1/2îtš%ÚNF ÊšŒIëÀ× `,p hJ@'Gg Üyd\ n0,
-"ýîèqÕW1àÝÐý{ Ó_B;\ >'x" ÛÞ-inÖ¨¯€Ä]¨O ŽjËÀ ¢ %˜1/2@q
ø ¯¦ù_ÐØ"XL‚KP...z¡SX%˜8ÌZX3‚àSøU¿0.ì L -µä,Øb11/43/4sÞë-Û4 ÍÑ
"Åji¨~2kÄCÀÓȇY°1/2 (tm)‹ìâÛ #ÿĹ‹U ÷ÂÜÕGõkd¨1/2¦ïBÿêÖGM(r)ÇÐ/õ²B'莁fô Fˆ{
=-(c)...Ô"‚G °+àVÀÌä*ݍSßÐ'¦ )ê
º£ý:}!•²²r€ñ²2 W¨±GP>"}ÇzÆzÍJ[ÉQ
°•Vkb#'Lh‰Ñ S8,;›O9f¤fƒ1ÄãçSÐnè1ö>Ædwá> > È-±-L¢˜iŽõÖèSfxjŠ÷G
n Ùx1/4jÃ"_ïÝ O&ñmªú?ÎË?(c)ëŠã÷×ûíıãߎc¿8N‚ÄÄvâ" å... 5 ]WJ×Ê ¤áÇ` J• l+PT¤¡
ºQ•ªLí*ªU­ ݘ hʏª]µ­k:6µðG[4¦nlÒ†´ª‹_vî³"PµHÓ û1/2 ë)>ç{Ï9ßÏÕ£'éë¤åž °l N_g {-ݳ~ÝCC(c)TÛ±ÑBlû Ï;tŸðÿtŸûë>+ h>Ë*(r)± ð-
Ü6f¸†Âª
ªÚ‚h[;†}@ ÜU¹ ÍÒtÑr+žûv‹áæ¦ ›0oþÕ1/4iþ
·€£¸ðBó¸-
¯L%WDªkk‚U÷¦ãk á i§ÞÀÝØ}x±ù†ù-Áý
q=´ þñáá1/2uõµµµ‰1Niæ › ­*€Òî3œ­¸5"ùÐjû€}\ ÷Ë-ŸÓ01/2¡ >5ªa¡‰Ôµ¤œ)B°‡*²Í é"5¯ ÙnÍ2› VÙóy]dµ9 _ 96eþã-€5(r)&°ÚÅ+æSC›äªz›÷í!=æ¿Ì_Ô5˜ÂÌN µ_›î(€Ü;6õ...¢
Z>ĉf¹'š'𱍠LcÏÒ \< qÉ ÖØ k --| knÍa
D\$ 8'}(tm)l²_&›ØÝµMýݯd'Í7vçÀ/nC s¨Õ nÇ ÝÄëSÓSópSU:ʆÁùWþ
• d* ,6Å %Ì[Î #†åœ0Œ Ùš9
Å 3Çk÷†1/2Ä& "­ž¹‰Ã"¯° '(Ùülñ-r £!׊æìX-Û·:Z7Ôäˆ;¨O'"žB 8ééuyuB ²Î(tm)h ´í@'Œ€ÝRawEj';Ê¥†Ü› " ÛÛ ...9 GmÎ,‰Ø YÝ€è1/2‰ò
C¡ïè{u¢ë
Ý!ö,à eVVvxŠ1­ )'ˆ·<˜áŸ¹ O6"é¤4 ñ-ñ>ë}ÅË1/4€1i~TKp2›Ç4ë ã혧éyãoµúæÎxíµ-t[È€¯î¹Ö ò -"ûú·e-7ìJ>ioïå=3/4(tm)"r(r)Œ5néX±1³¦igÛØx(r)ïb¸­ 7T6û1/2zsª3/4Á(c)zí
N~ùþLº+(c)›×Ë"
W "¨ktkngýÇWý ¥u'Eu3ŸÒ~á9 D÷ nÓ¢,-±nU |> ˆàÓ¸ ØjM
u‡V...ˆ¨- $" #"ŠˆVÐ-)¥É|: -Ì-
Ü&áït'Û$ í8ÊY"­;æ FÚ
gˆÌ•‹
€­|Ý|(tm)ØËïÊU=èîØçyå-Rv
÷˜¯ß2·wލ.ð(c)ÿ; Þq8' g ÐUFL Câ¸D+#ÐûÄ-(À
Žœ ºf'¨
5èµæ Ô¡ÕFÅ3/4/ž
ø'Óq[<
 7úàO63/4ð ^"8*z"bC üО "¦Þ' ¦Öl­‹ÖÖ†i ×
~ØIˆCD

ð!ò>þ0 +ăýd &ˆ xP` J(j ì ggþdÔÂBCŒ '‹ÆQŒv¢V*#à-ê†ç"8 @³í...l-"2¡ÉR å"óV
8ŸH€OOÂ[žÄùm
¸´-Ä줹Åüž9‚Gþü øÏ 6Pð" <^;ø" ⵡ£Æ† Ê U ´ v 8*ÔËYÜ.,'[µ ^.ôË9í ²š­V×h›É Û
K{É Û))¨"´ˆg& DAD
-

kAûÑR'(*¯Œù €ür" s€ÞàÈï€ ¤ ñÃ
ç!~­˜ 1/4$"yÖ<|ùMó°ù -ùùpëÛ§x6äJ!^̨"ÕÌ4ìÂ
•†¦_%†+-•ù·~
d?ñÈqR'ß'›
ÊŠ((šGðk1!(r)­ 6k²,K|-˜B ÖT
(c)Tæ¹h*'€Æ 3/4ŸË ¦¸ S c錈]¢ˆ‰ É
aÊdU'DAÖ Ø{u¡bÏ"~ ÏÎ1/4{ î0PÞ} î%&+Ÿe2£Œˆ"K¦Kí'äGÐ ,3/4"‹¿1/2 ...æÄÁñK›}ÖM(r)¸$Å•× ‚JX€A<ÅR ³ ̇¯\5· ¦mÂO1/27...dnÄ1/2æ9ÒBRæE1/4¸ðGЭ Þô
è&¡
Æ ‰(c) 1/2, TŠ ‹Ò ñ J
â'('(c)È|ÔÃb¸Ž´£6œ úh Æ"HÙ7)$Ï÷œH1/4 D!À(Sy±#7ƒ²f ¨•-GKØ è^
²ÝèQú sð‰A s±
[͆ ÈOl"ÀÿºM Å(r)$•UP¡s õ'‡ O·Tô"2üæ¡ð*#^;•Vñ?SxÛ|üEs üí ø ã_²3/4‚A&yý/"J !c ­1âT'å3"º`-"ÉF²V ##'@ä-,K´G ß.S"I<* lMÒöj˜ð€ Iˆ$ä ¿£"Àq´W0S0ŸpXgâtœøLDO nÚ d'->) æQ´›£l o -3 G*p$œWU욨ĉ ...
Øòp 3/4$À C¨ÉÞ œ¥ª%E Œæ&X‹...d|]dw1/2¦n1`K ·Â ƒU[Zw á, Å*¹"ù ¹NÌv˜Ÿ]øøÉ³==gŸüø -*t­Ókjž?tèùššÈú(r)-æèåóÇN ýçÑSÇÎ_3/4êô Vn;r.åK;²må@ Ϙ£Ôg±3/4
]±† Î÷ 1/2È(tm)ÿ4G~ðÄ1/4Eù\ ê3o`¿9*=Í 8
\² XkTna O$ }¢ " Šææ‚-
þz7up PÑ"ya̪Q£Z_T'U¡yŠ5ò•€ \¨ÞZäS(r)Mµ(tm)ß¹ ƒ`zÊõ a.YŠ˜ŸÝ(r)ˆ3/4(r)k
--1/2ðoî ‰ßyÕ'Œçv MTè5Èm(c)Q3ªì
äñÄ&¿ 1/2B'ß>éóÛc"y D"ûiO) ¨ 9Üäuž"UÚ
nœXå-UD†9à-ô

Posted By : JSntgvr - 1-17-2006 7:12
Either the file is damaged or the software filters are corrupted. Can you attach a file to a reply and allow me to open it?

Posted By : klas - 1-17-2006 10:41
The portion of script was taken from the following Spanish Document (which I assume was translated into English or some people would say American). I have attached the link.
P.S. Would I have the proper FONTS? As when this has happened before I received a message prompting me to use different languages.

Post Edited (klas) : 1/17/2006 9:50:18 PM GMT


Posted By : klas - 1-17-2006 10:58
Hi, it would appear that I've accumulated a load of new software; what should I do with all this stuff? I now have a number of anti-virus programmes such as Norton. Is this wise?

Thanks

Posted By : JSntgvr - 1-17-2006 11:46
ADMINISTRACIÓN GENERAL DEL ESTADO
Solicitud de N.I.E. (Número de identidad
de extranjero)
(Reglamento aprobado por
Real Decreto 864/2001)


It opens fine on my computer. I have to say that your Acrobat Reader installation is corrupted. Uninstall and reinstall the latest version.

You only need one antivirus, so remove one of them. Let me know which one you will keep. I would stay away from Norton and McAfee.

Remove all anti-spyware and anti-adware and install the following:

These will protect you against hijackers/malware in the future:

Spywareblaster

javacoolsoftware.com/spywareblaster.html

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers,
and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer.
SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background.

Spywareguard

www.majorgeeks.com/download3045.html

SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

IE Spyad

/netfiles.uiuc.edu/ehowes/www/resource.htm

IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.
Visit Microsoft and check for Critical Security Updates

Microsoft Update

Obtain the latest updates:

v5.windowsupdate.microsoft.com/en/default.asp

Posted By : klas - 1-18-2006 12:10
Hi, it's getting late, but before I go could you advise if I should remove all the programmes I installed during this process, e.g. HijackThis, KillBox etc.?

Another question: can I download Adobe from anywhere safely?

Posted By : JSntgvr - 1-18-2006 1:07
Yes, you can remove all those programs. You can get Acrobat Reader from here:



Posted By : klas - 1-18-2006 11:50
Just a quick update on progress.

I downloaded Adobe from the link above and it's working first class. Don't know about Word yet, will keep you posted.

I have anti-virus software called AVG and something to monitor traffic called ZA ZoneAlarm. Along with the programmes you suggested, this should keep me safe (and not forgetting the luck of the Irish).

As suggested, I have cleaned up LimeWire and had a talk with the primary users! and will keep my eye on this.

Posted By : klas - 2-3-2006 3:53
Hi, I feel that I must say sorry for being back, but I am having a problem insofar as my computer is running very slow, and when I am on the net I keep getting a pop-up called "BEST OFFER" which would be connected with the computer locking up. I believe that these are connected. Can you help?

Posted By : JSntgvr - 2-3-2006 8:58
Post a Hijackthis log and let me take a look at it.

Posted By : klas - 2-4-2006 10:19
Logfile of HijackThis v1.99.1
Scan saved at 09:18:14, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Posted By : klas - 2-4-2006 10:27
Any suggestions as to how I can remove Norton anti-virus? I let my subscription run out, then discovered the web site won't recognize me, therefore I can't uninstall it. Have you come across this before?

Posted By : JSntgvr - 2-4-2006 2:31
I do not recognize any of the following programs, do you?

O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe


These products are of unknown, questionable, or dubious value as anti-spyware protection and you should remove them:

O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

Fix this line with Hijackthis:

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab


To remove any of the following, follow the instructions in the link below:

Norton AntiVirus 2004/2005/2006
Norton AntiVirus Professional 2004
Norton AntiVirus 3, 5 and 10 User Pack 2004/2005/2006
Norton GoBack 3.1/3.5/3.6/4.0/4.1
Norton SystemWorks 2004 Professional Edition
Norton SystemWorks 2005/2006 Premier
Norton SystemWorks 2004/2005/2006
Norton SystemWorks 2006 Basic Edition
Norton Password Manager 2004
Norton Internet Security 2004/2005/2006
Norton Internet Security 5 and 10 User Pack 2004/2005/2006
Norton Internet Security 2005 AntiSpyware Edition 8.2
Norton Personal Firewall 2004/2005/2006
Norton AntiSpam 2004/2005
Norton Ghost 2003/9.0/10.0

service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=bar_sch_nam&docid=2005092916503236&nsf=nip.nsf&view=244fc202cff0619a882570cb0002a0c6&dtype=&prod=&ver=&osv=&osv_lvl=&seg=hm

For earlier versions of Norton, use the following tool:

service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

Post a fresh Hijackthis log after you have gone through these processes.

Posted By : klas - 2-4-2006 8:03
Logfile of HijackThis v1.99.1
Scan saved at 18:55:52, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

THIS IS THE REPORT COPIED FROM THE LAST HJT SCAN, AND I HAVE FIXED THE PROGRAM

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab

AS REQUESTED.


I DON'T RECOGNIZE THE OTHER TWO PROGRAMS YOU IDENTIFIED AND I AM HAPPY TO REMOVE THEM, IF YOU THINK I SHOULD.

O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe

HOW DO I REMOVE THESE PROGRAMS?

O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

I CAN'T FIND THEM IN THE ADD OR REMOVE.

Posted By : JSntgvr - 2-4-2006 9:56
Some programs come with their own uninstaller. It could be present next to the executable (Start->All Programs->Application Name->Uninstaller), or within the folder where the application is installed. If that fails, fix the lines with Hijackthis and after doing so, boot in Safe Mode and delete the folders where the application is installed.

O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

Attempt to remove Norton. Once you have run these tools, post a Hijackthis log to confirm if the application is gone. Do not fix anything related to Norton in Hijackthis. The slowdown could be due to Norton.

Posted By : klas - 2-5-2006 11:29
Logfile of HijackThis v1.99.1
Scan saved at 10:28:05, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 
THINGS ARE GOING MUCH QUICKER NOW, I THINK I HAVE REMOVED MOST OF NORTON, WHAT DO YOU THINK?

Posted By : klas - 2-5-2006 12:07
Hi, I've just got a pop-up from SOFTWARE ONLINE .COM, which says that a REGISTRY CLEANER is RECOMMENDED and then asks me to do a free scan. Do you think this is a new problem or an old dormant program?

Posted By : JSntgvr - 2-5-2006 5:24
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find:

Symantec Event Manager

Right click on it and choose "Properties".
On the "General" tab under "Service Status" click the "Stop" button to stop the service.
Beside "Startup Type" in the dropdown menu select "Disabled".
Click Apply then OK.

Perform the same action with the following services:

Symantec Password Validation Service
Symantec Proxy Service
Norton Internet Security Accounts Manager
Symantec Network Drivers Service
SymWMI Service


Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service.
If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

In Hijack This, click on the "Open Misc Tools section" button.
Next click the "Delete an NT service" button.
Copy and paste the following in that box:

ccEvtMgr

Click OK.

Perform the same action with the following:

ccPwdSvc
ccPxySvc
NISUM
SNDSrvc
SymWSC


Reboot in Safe Mode.

Delete the following folders with Windows Explorer:

C:\Program Files\Norton Internet Security
C:\Program Files\Common Files\Symantec Shared

Restart the computer. Post a new log.

Does that pop-up happen all the time, or just when you visit certain websites?

Post Edited (JSntgvr) : 2/5/2006 4:25:13 PM GMT
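The before/after comparison done by eye each time a fresh log is posted in this thread, written out as an added Python example (it is not part of the original posts, and the function names are hypothetical). The two inputs are short excerpts of the 04/02/2006 and 06/02/2006 logs from this thread, not complete logs.

```python
import re

# Sample input: a few lines excerpted from the 04/02/2006 log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

# Sample input: the matching lines excerpted from the 06/02/2006 log.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# O4 body: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 body: Service: Display name (short name) - owner - path; the short name is optional
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


def norm(text):
    """Collapse whitespace and case so cosmetic differences do not count as changes."""
    return " ".join(text.split()).casefold()


def parse(log):
    """Return autostart (O4 registry) and service (O23) entries keyed for comparison."""
    run, services = {}, {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        section, body = m.groups()
        if section == "O4":
            r = RUN.match(body)
            if r:  # the hive is part of the key: one name can exist in HKLM and HKCU
                run[(r["hive"], norm(r["name"]))] = (r["name"], r["cmd"])
        elif section == "O23":
            s = SERVICE.match(body)
            if s:
                short = s["short"] or s["display"]
                services[norm(short)] = (short, s["path"])
    return {"run": run, "services": services}


def diff(before, after):
    """List entry names removed, added or changed between two logs."""
    b, a = parse(before), parse(after)
    report = {}
    for kind in ("run", "services"):
        old, new = b[kind], a[kind]
        report[kind] = {
            "removed": sorted(old[k][0] for k in old.keys() - new.keys()),
            "added": sorted(new[k][0] for k in new.keys() - old.keys()),
            "changed": sorted(
                old[k][0] for k in old.keys() & new.keys()
                if norm(old[k][1]) != norm(new[k][1])
            ),
        }
    return report


def leftovers(after, run_names=(), service_names=()):
    """Return the names that were meant to be removed but are still in the newer log."""
    parsed = parse(after)
    present_run = {name for (_hive, name) in parsed["run"]}
    still = [n for n in run_names if norm(n) in present_run]
    still += [n for n in service_names if norm(n) in parsed["services"]]
    return still


if __name__ == "__main__":
    print(diff(BEFORE, AFTER))
    print(leftovers(AFTER,
                    run_names=["shim loud name option", "Tray Mapi", "Spyware Begone"],
                    service_names=["ccEvtMgr", "SymWSC"]))
```

On these excerpts the only leftover is the `Tray Mapi` Run value, and the extra space in the `TkBellExe` command line is not reported as a change.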


Posted By : klas - 2-5-2006 8:41
Hi, everything went well and I "stopped/disabled" the programs as requested.

However, each time I tried to delete the programs via Hijack This I received the following message.
THE SERVICE YOU ENTERED IS SYSTEM-CRITICAL! IT CAN'T BE DELETED.
I tried to delete the following
ccEvtMgr, ccPwdSvc, ccPxySvc, NISUM, SNDSrvc and SymWSC.

I haven't tried to reboot in safe mode as yet, any suggestions as how to proceed?

I found a program running called THE BEST OFFER, but each time I've tried to remove it via ADD/REMOVE, it opens a web site called
"The Best Offers Network" and describes itself as a Division of Direct Revenue.
It then informs me to uninstall via going to WWW.bestoffersnetwork.com/uninstall to get the uninstall tool.
This I have not done as yet. Do you think it is safe? I am concerned that I may get another free program which I can't remove.

This pop-up always appears when I am looking at web sites which would advertise something, e.g. car hire, hotel offers, things like this.
Does this help identify the program?

Posted By : JSntgvr - 2-6-2006 3:37
They are critical to Symantec (Norton) but no longer to your computer. Try in Safe Mode and also attempt to delete the folders. Make sure these services are disabled before proceeding. If the service is active, it won't allow you to delete it.

Question: Did you use any of the Symantec Tools I suggested before to remove Norton?

Posted By : klas - 2-6-2006 10:05
Logfile of HijackThis v1.99.1
Scan saved at 20:52:22, on 06/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
HI I THINK I HAVE REMOVED THE NORTON PROGRAMS AT LONG LAST!! WHAT DO YOU THINK?
 
I STILL HAVE THE "The Best Offer" PROGRAM. EACH TIME I TRY AND REMOVE IT VIA "ADD/REMOVE PROGRAMS", IT OPENS A WEB SITE VIA MS INTERNET EXPLORER AND BLOCKS THE "ADD/REMOVE" WINDOW, SO I HAVE TO REBOOT THE COMPUTER TO CLOSE THIS.
 
THE POP UPS ARE ATTRACTED TO ANY WEB SITE WHICH DEALS WITH SHOPPING. CAN YOU HELP? THANKS SO FAR.

Posted By : JSntgvr - 2-7-2006 1:28
Close all browsers. Fix these lines in Hijackthis.

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart => There are two entries
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background =>This is not the Messenger
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab


Boot in Safe Mode.

Delete the following file:

C:\Program Files\MSN Messenger\msnmsgr.exe (Make sure you delete the right one)

It looks like the real thing, but it is not.

Try to uninstall that program in Safe mode.

There also should be a folder that can be deleted:

C:\Program Files\Best Offers

Posted By : klas - 2-7-2006 5:04
I HAVE FIXED THE FOLLOWING LINES:

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart => There are two entries

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

HOWEVER I AM CONFUSED. DO I FIX THIS LINE?
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background =>This is not the Messenger

I CAN RE-BOOT IN SAFE MODE, BUT HOW DO I FIND THIS FILE AND DELETE IT OR UNINSTALL IT?
C:\Program Files\MSN Messenger\msnmsgr.exe (Make sure you delete the right one)

AS MENTIONED BEFORE, I CAN'T REMOVE OR DELETE THIS FILE, AS EVERY TIME I TRY IT JUMPS TO THE WEB SITE DESCRIBED ABOVE AND I CAN'T FIND IT IN PROGRAM FILES.
There also should be a folder that can be deleted:

C:\Program Files\Best Offers

Posted By : JSntgvr - 2-7-2006 5:35
Fix this line:

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

Do not delete the file. The entry is not necessary.

You can't delete this folder even in Safe Mode?: C:\Program Files\Best Offers

It is possible that there may be some entries in the registry related to Best Offers.

In your position I would search the entire registry for the string Best Offers and delete all instances of it. Are you familiar with editing the registry?

We have not tried Spysweeper yet.

Please download WebRoot SpySweeper (It's a 2 week trial):

www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

Click the Free Trial link under "Downloads/SpySweeper" to download the program.

Install it. Once the program is installed, it will open.

It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.

Under What to Sweep please put a check next to the following:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.

Click the Start button.

When it's done scanning, click the Next button.

Make sure everything has a check next to it, then click the Next button.

It will remove all of the items found.

Click Session Log in the upper right corner, copy everything in that window.

Click the Summary tab and click Finish.

Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.

Posted By : klas - 2-7-2006 11:51
Thanks for the advice. I have run a Spy Sweeper scan and this is the report. But I did this before I removed the O4-HKCU\..\RUN:[msnmsgr] via HJT, which I am about to do.
22:20: |       Start of Session, 07 February 2006       |
22:20: Spy Sweeper started
22:20: Sweep initiated using definitions version 611
22:21: Starting Memory Sweep
22:23: Memory Sweep Complete, Elapsed Time: 00:02:39
22:23: Starting Registry Sweep
22:23:   Found Adware: deskad
22:23:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/deskadx.dll\  (2 subtraces) (ID = 124926)
22:23:   HKLM\software\deskad service\  (4 subtraces) (ID = 124927)
22:23:   HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\deskadx.dll (ID = 124930)
22:23:   Found Adware: wild media - minigolf
22:23:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/wildapp.dll\  (1 subtraces) (ID = 135051)
22:23:   Found Adware: wildmedia
22:23:   HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\  (8 subtraces) (ID = 146695)
22:23:   HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\  (8 subtraces) (ID = 146709)
22:23:   Found Adware: security2k hijacker
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
22:23:   Found Adware: directrevenue-abetterinternet
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\  (7 subtraces) (ID = 746835)
22:23:   Found Adware: systemprocess
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\startup\  (2 subtraces) (ID = 860412)
22:23:   Found Trojan Horse: trojan-downloader-2pursuit
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
22:23:   Found Adware: psguard\winhound fakealert
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\  (2 subtraces) (ID = 1035010)
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || displayname (ID = 1035011)
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || uninstallstring (ID = 1035012)
22:23:   Found Adware: spywarestrike
22:23:   HKCR\appid\spywarestrike.exe\  (1 subtraces) (ID = 1108221)
22:23:   Found Adware: spywarestrike fakealert
22:23:   HKCR\clsid\{0f25878f-f8ae-5d5d-2bb7-31b5f803290d}\  (19 subtraces) (ID = 1108224)
22:23:   HKCR\typelib\{c1a4c0c9-dbd0-493a-93f8-0b05edc96224}\  (9 subtraces) (ID = 1108245)
22:23:   HKLM\software\classes\appid\spywarestrike.exe\  (1 subtraces) (ID = 1108258)
22:23:   HKLM\software\classes\clsid\{0f25878f-f8ae-5d5d-2bb7-31b5f803290d}\  (19 subtraces) (ID = 1108261)
22:23:   HKLM\software\classes\typelib\{c1a4c0c9-dbd0-493a-93f8-0b05edc96224}\  (9 subtraces) (ID = 1108292)
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {c1a2fda2-2a5b-2c8a-f2a2-ba2db3a2c31c} (ID = 1109431)
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {c1a2fda2-1a5b-2a8f-f3a2-b22da1a3c41d} (ID = 1109570)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-500\software\aurora\  (18 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-500\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-500\software\system process\ || lastptime (ID = 860390)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1007\software\aurora\  (4 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1007\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1007\software\system process\ || lastptime (ID = 860390)
22:23:   Found Adware: internetoptimizer
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\avenue media\  (4 subtraces) (ID = 128887)
22:23:   Found Adware: 180search assistant/zango
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\180solutions\  (8 subtraces) (ID = 135617)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\aurora\  (35 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 818746)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\system process\ || lastptime (ID = 860390)
22:23:   Found Adware: drsnsrch.com hijack
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\internet explorer\main\ || search page (ID = 128207)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\internet explorer\searchurl\ (ID = 128212)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\aurora\  (29 subtraces) (ID = 360174)
22:23:   Found Adware: drsnsrch hijacker
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\dsrch\  (11 subtraces) (ID = 509156)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\system process\ || lastptime (ID = 860390)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\dsrch\  (11 subtraces) (ID = 509156)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\system process\ || lastptime (ID = 860390)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\classes\clsid\{c1a2fda2-2a5b-2c8a-f2a2-ba2db3a2c31c}\  (3 subtraces) (ID = 1109430)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1003\software\aurora\  (3 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1003\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1003\software\system process\ || lastptime (ID = 860390)
22:23: Registry Sweep Complete, Elapsed Time:00:00:18
22:24: Starting Cookie Sweep
22:24:   Found Spy Cookie: 2o7.net cookie
22:24:   rebecca@112.2o7[1].txt (ID = 1958)
22:24:   rebecca@122.2o7[2].txt (ID = 1958)
22:24:   Found Spy Cookie: 888 cookie
22:24:   rebecca@888[1].txt (ID = 2019)
22:24:   Found Spy Cookie: abetterinternet cookie
22:24:   rebecca@abetterinternet[2].txt (ID = 2035)
22:24:   Found Spy Cookie: yieldmanager cookie
22:24:   rebecca@ad.yieldmanager[2].txt (ID = 3751)
22:24:   Found Spy Cookie: hbmediapro cookie
22:24:   rebecca@adopt.hbmediapro[2].txt (ID = 2768)
22:24:   Found Spy Cookie: specificclick.com cookie
22:24:   rebecca@adopt.specificclick[2].txt (ID = 3400)
22:24:   Found Spy Cookie: directtrack cookie
22:24:   rebecca@affiliatemarketing.directtrack[2].txt (ID = 2528)
22:24:   Found Spy Cookie: alt cookie
22:24:   rebecca@alt[1].txt (ID = 2217)
22:24:   Found Spy Cookie: atwola cookie
22:24:   rebecca@atwola[2].txt (ID = 2255)
22:24:   Found Spy Cookie: azjmp cookie
22:24:   rebecca@azjmp[2].txt (ID = 2270)
22:24:   Found Spy Cookie: a cookie
22:24:   rebecca@a[1].txt (ID = 2027)
22:24:   rebecca@a[2].txt (ID = 2027)
22:24:   Found Spy Cookie: belnk cookie
22:24:   rebecca@belnk[1].txt (ID = 2292)
22:24:   Found Spy Cookie: btgrab cookie
22:24:   rebecca@btg.btgrab[2].txt (ID = 2333)
22:24:   Found Spy Cookie: burstnet cookie
22:24:   rebecca@burstnet[2].txt (ID = 2336)
22:24:   Found Spy Cookie: cliks cookie
22:24:   rebecca@cliks[1].txt (ID = 2414)
22:24:   rebecca@directtrack[1].txt (ID = 2527)
22:24:   rebecca@dist.belnk[2].txt (ID = 2293)
22:24:   Found Spy Cookie: go.com cookie
22:24:   rebecca@go[1].txt (ID = 2728)
22:24:   Found Spy Cookie: screensavers.com cookie
22:24:   rebecca@i.screensavers[1].txt (ID = 3298)
22:24:   Found Spy Cookie: touchclarity cookie
22:24:   rebecca@msn.touchclarity[1].txt (ID = 3566)
22:24:   Found Spy Cookie: mywebsearch cookie
22:24:   rebecca@mywebsearch[1].txt (ID = 3051)
22:24:   Found Spy Cookie: offeroptimizer cookie
22:24:   rebecca@offeroptimizer[2].txt (ID = 3087)
22:24:   Found Spy Cookie: reunion cookie
22:24:   rebecca@reunion[2].txt (ID = 3255)
22:24:   Found Spy Cookie: spywarestormer cookie
22:24:   rebecca@spywarestormer[1].txt (ID = 3417)
22:24:   Found Spy Cookie: reliablestats cookie
22:24:   rebecca@stats1.reliablestats[1].txt (ID = 3254)
22:24:   rebecca@vmk.disney.go[1].txt (ID = 2729)
22:24:   rebecca@www.screensavers[2].txt (ID = 3298)
22:24:   big stephen@122.2o7[1].txt (ID = 1958)
22:24:   big stephen@2o7[2].txt (ID = 1957)
22:24:   Found Spy Cookie: advertising cookie
22:24:   big stephen@advertising[2].txt (ID = 2175)
22:24:   big stephen@atwola[1].txt (ID = 2255)
22:24:   Found Spy Cookie: sextracker cookie
22:24:   big stephen@counter11.sextracker[1].txt (ID = 3362)
22:24:   Found Spy Cookie: mediaplex cookie
22:24:   big stephen@mediaplex[1].txt (ID = 6442)
22:24:   Found Spy Cookie: sexlist cookie
22:24:   big stephen@sexlist[1].txt (ID = 3353)
22:24:   big stephen@sextracker[1].txt (ID = 3361)
22:24:   Found Spy Cookie: xxx69 cookie
22:24:   big stephen@www.xxx69[1].txt (ID = 3732)
22:24: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:24: Starting File Sweep
22:24:   Found Adware: 2search
22:24:   c:\windows\system32\feeds (1 subtraces) (ID = -2147476748)
22:24:   c:\program files\security toolbar (2 subtraces) (ID = -2147462697)
22:25:   deskadx.dll (ID = 57857)
22:25:   Found Adware: lopdotcom
22:25:   seek less.exe (ID = 91)
22:27:   16 1 log balm.exe (ID = 121)
22:32:   sslanguage.ini (ID = 233228)
22:40:   safeoozevga.exe (ID = 90)
22:41:   a0107794.exe (ID = 230687)
22:42:   a0107799.lnk (ID = 230683)
22:42:   uninstall.bat (ID = 202688)
22:42:   20051211200813.zip (ID = 207109)
22:42:   20051213121605.zip (ID = 207109)
22:42:   20051213215054.zip (ID = 207109)
22:44: File Sweep Complete, Elapsed Time: 00:20:29
22:44: Full Sweep has completed.  Elapsed time 00:23:39
22:44: Traces Found: 327
22:45: Removal process initiated
22:45:   Quarantining All Traces: 180search assistant/zango
22:45:   Quarantining All Traces: directrevenue-abetterinternet
22:45:   Quarantining All Traces: lopdotcom
22:45:   Quarantining All Traces: psguard\winhound fakealert
22:45:   Quarantining All Traces: security2k hijacker
22:45:   security2k hijacker is in use.  It will be removed on reboot.
22:45:     uninstall.bat is in use.  It will be removed on reboot.
22:45:   Quarantining All Traces: wildmedia
22:45:   Quarantining All Traces: 2search
22:45:   Quarantining All Traces: internetoptimizer
22:45:   Quarantining All Traces: trojan-downloader-2pursuit
22:45:   Quarantining All Traces: deskad
22:45:   Quarantining All Traces: drsnsrch hijacker
22:45:   Quarantining All Traces: drsnsrch.com hijack
22:45:   Quarantining All Traces: spywarestrike fakealert
22:45:   Quarantining All Traces: spywarestrike
22:45:   Quarantining All Traces: systemprocess
22:45:   Quarantining All Traces: wild media - minigolf
22:45:   Quarantining All Traces: 2o7.net cookie
22:45:   Quarantining All Traces: 888 cookie
22:45:   Quarantining All Traces: a cookie
22:45:   Quarantining All Traces: abetterinternet cookie
22:45:   Quarantining All Traces: advertising cookie
22:45:   Quarantining All Traces: alt cookie
22:45:   Quarantining All Traces: atwola cookie
22:45:   Quarantining All Traces: azjmp cookie
22:45:   Quarantining All Traces: belnk cookie
22:45:   Quarantining All Traces: btgrab cookie
22:45:   Quarantining All Traces: burstnet cookie
22:45:   Quarantining All Traces: cliks cookie
22:45:   Quarantining All Traces: directtrack cookie
22:45:   Quarantining All Traces: go.com cookie
22:45:   Quarantining All Traces: hbmediapro cookie
22:45:   Quarantining All Traces: mediaplex cookie
22:45:   Quarantining All Traces: mywebsearch cookie
22:45:   Quarantining All Traces: offeroptimizer cookie
22:45:   Quarantining All Traces: reliablestats cookie
22:45:   Quarantining All Traces: reunion cookie
22:45:   Quarantining All Traces: screensavers.com cookie
22:45:   Quarantining All Traces: sexlist cookie
22:45:   Quarantining All Traces: sextracker cookie
22:45:   Quarantining All Traces: specificclick.com cookie
22:45:   Quarantining All Traces: spywarestormer cookie
22:45:   Quarantining All Traces: touchclarity cookie
22:45:   Quarantining All Traces: xxx69 cookie
22:45:   Quarantining All Traces: yieldmanager cookie
22:47: Removal process completed.  Elapsed time 00:01:53
********
22:17: |       Start of Session, 07 February 2006       |
22:17: Spy Sweeper started
22:17: Sweep initiated using definitions version 611
22:17: Starting Memory Sweep
22:18:   Sweep Canceled
22:18: Memory Sweep Complete, Elapsed Time: 00:00:18
22:18: Traces Found: 0
22:20: |       End of Session, 07 February 2006       |
********
22:12: |       Start of Session, 07 February 2006       |
22:12: Spy Sweeper started
22:13: Your spyware definitions have been updated.
22:17: |       End of Session, 07 February 2006       |

Posted By : klas - 2-7-2006 11:59
This is the HJT log after I "fixed" the O4-HKCU\...\RUN file:
Logfile of HijackThis v1.99.1
Scan saved at 22:54:44, on 07/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Yes, you were correct in the assumption that I am not familiar with editing the registry.

This is the most complex thing I have ever attempted on the computer.

Posted By : klas - 2-8-2006 12:11
On the last HJT log, I discovered that the following file was still logged after I "FIXED" it as requested so I Fixed it again.

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

I have just checked the ADD/REMOVE program and The Best Offer has been removed. Do you think we have got rid of it?
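The check described in the post above (an entry still appearing in a later log after it was "fixed") can be automated. This is an added example, not part of the original thread and not HijackThis code; the function names are this example's own, and the two excerpts are copied from lines posted in this thread.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# Body of an O4 registry autorun: hive\..\key: [value name] command line
AUTORUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# Fix list as posted by the helper, including the "=>" remarks.
FIX_LIST = r"""
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart => There are two entries
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background =>This is not the Messenger
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
"""

# Excerpt of the log saved at 22:54:44 on 07/02/2006 (shortened for the example).
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:54:44, on 07/02/2006
Running processes:
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
"""


def parse_entries(text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group(1), m.group(2)
        # Assumption: "=>" introduces a helper's remark and is not part of the entry.
        body = body.split("=>", 1)[0].strip()
        entries.append((code, body))
    return entries


def _key(entry):
    """Comparison key: Windows paths and registry names are case-insensitive."""
    code, body = entry
    return code, " ".join(body.split()).casefold()


def still_listed(fix_list_text, later_log_text):
    """Entries from the fix list that a later log still reports."""
    later = {_key(e) for e in parse_entries(later_log_text)}
    return [e for e in parse_entries(fix_list_text) if _key(e) in later]


def autoruns_by_name(log_text):
    """Map each O4 registry value name to the (hive, command) pairs that define it."""
    by_name = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code != "O4":
            continue
        m = AUTORUN_RE.match(body)
        if m:  # "Global Startup" shortcuts have a different shape and are skipped
            hive, _key_name, name, command = m.groups()
            by_name[name].append((hive, command))
    return dict(by_name)


def names_in_multiple_hives(log_text):
    """Autorun names registered under more than one hive (e.g. HKLM and HKCU)."""
    return sorted(
        name
        for name, rows in autoruns_by_name(log_text).items()
        if len({hive for hive, _ in rows}) > 1
    )


if __name__ == "__main__":
    for code, body in still_listed(FIX_LIST, LATER_LOG):
        print("still present:", code, "-", body)
    print("defined in more than one hive:", names_in_multiple_hives(LATER_LOG))
```
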

Posted By : JSntgvr - 2-8-2006 2:08
If it isn't there, it is gone. Check the Program Files folder.

Posted By : klas - 2-8-2006 6:39
Hi and thanks once again, I have built up quite a library of programs fighting these problems, are there any I should consider keeping?
ewido anti-malware and set-up
Nailfix
Rnav2003
rnav_log
HJT
SYMMSICLE...
Cleanup40
HJTsetup
AVGFree
Ad-Aware SE Personal
smitrem
Spywareblaster
Nailfix
KilBox
smitRem
 
Am I at a stage where I make a system restore point?

Posted By : JSntgvr - 2-8-2006 10:15
Only keep the following:

Spywareblaster
Ad-Aware SE Personal
AVGFree
HJT
Cleanup40

There is no use for the rest.

Posted By : JSntgvr - 2-8-2006 11:01
Turn System Restore Off to flush out those infected restore points, then turn it back On.

To turn off Windows XP System Restore:

Note: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

  • Click Start.
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Select the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
  • Click Apply. The following message appears:
  • As noted in the message, this will delete all existing restore points. Click Yes to do this.
  • Click OK.



To turn On Windows XP System Restore:

  • Click Start.
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Clear the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
  • Click Apply, and then click OK.


System Restore will create regular backups of selected system files and program files.

Create a restore point on your own now that the computer is clean from Malware.

Posted By : klas - 2-9-2006 11:41
Here is the latest HJT log.

Can you please advise if I have removed all the unwanted programs.

Logfile of HijackThis v1.99.1
Scan saved at 10:39:46, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Posted By : klas - 4-2-2006 10:57
Hi, I have been having problems these last few days, and my computer keeps crashing or displaying a blue warning screen. I never copied the contents of the warning message. I have tried to do a number of restores but the system won't allow this. Can you help? I have attached the most recent HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 22:54:52, on 02/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Posted By : JSntgvr - 4-3-2006 12:10
There is nothing wrong with your log. Check the Administrative Tools in the Control Panel -> Event Viewer. Double click on System. Are there any errors logged therein? That may give you an idea of what may be wrong.

Posted By : klas - 4-11-2006 2:39
Hi, can you help? My system keeps crashing and I am getting very scary blue messages stating that I have had a memory problem. I have also just logged on to be informed that the computer is locked and it requires an unlock code from me. I have tried to go back to a restore point but the computer won't allow this.
The system is also running very slow and sluggish.
I have run a HJT. Can you help?
Logfile of HijackThis v1.99.1
Scan saved at 14:38:15, on 11/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe





Posted By : JSntgvr - 4-11-2006 4:57
Hi, Klas.

I see nothing wrong in the log. It is possible you may need to reseat or replace the memory modules.

To reseat the modules, just pull them out and reconnect so that the contacts are refreshed. If you have more than one, swap them around.

It is definitely not malware related.

Posted By : klas - 4-11-2006 5:06
Thanks for your help.

Posted By : drjekyll - 4-15-2006 7:50
Logfile of HijackThis v1.99.1
Scan saved at 07:25:44, on 15/04/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworld.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe