RetouchPRO

Gary - I need your help please!

#21
02-08-2007, 01:50 AM
Gary Richardson
Senior Member
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717

OK, that's clean as well, vsdatant is the driver for Zone Alarm (didn't need to look that one up as I have ZA on my box).

Yes a Kaspersky scan is definitely an exercise in patience and can sometimes take hours, however it is very thorough and gives a very good log, also it doesn't "clean" anything so we don't have to worry about it doing any damage by removing something we'd later wish it hadn't.

#22
02-08-2007, 07:30 AM
Syd
Senior Member
Join Date: Mar 2006
Posts: 275

Ok Gary here it is. It took a while and it seems that my computer is indeed infected. What do you think I should do? I went and downloaded the AVG Free Antivirus Programme off the Net on Tuesday but as of yet haven't installed it. My Norton is still operational even though it can't be updated because it has expired. I know I will have to uninstall Norton before I install the new one. Anyway I won't do anything until I have heard from you. As always thanks so much for your time and patience Gary.

Sincerely Syd

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 08, 2007 9:11:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/02/2007
Kaspersky Anti-Virus database records: 265913
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 119526
Number of viruses found: 13
Number of infected objects: 29 / 0
Number of suspicious objects: 5
Duration of the scan process: 04:19:53

Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton AntiVirus\Quarantine\021540D6.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\02186AD3.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\000C2914.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F0D2860.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\26C147E1.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F774C4B.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F911C2E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30DE56C0.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30F252AA.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3137445E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\373A53AA.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\73203422.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3BA412CE.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\43AB3F35.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EA754D3.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\34B64E0B.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\06145256.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\06177C52.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\048E4A54.htm Infected: Trojan-Downloader.JS.IstBar.k skipped
C:\goldcodec.997.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.baz skipped
C:\goldcodec.997.exe/stream Infected: Trojan-Downloader.Win32.Zlob.baz skipped
C:\goldcodec.997.exe NSIS: infected - 2 skipped
C:\goldcodec.997.exe UPX: infected - 2 skipped
C:\goldcodec.997.exe PE_Patch.UPX: infected - 2 skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\Temp\ZLT0657f.TMP Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
D:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped
D:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
D:\WINDOWS\NDNuninstall6_98.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
D:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\user\NTUSER.DAT.LOG Object is locked skipped
D:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
D:\Program Files\Norton AntiVirus\Quarantine\2924786E.htm Infected: Trojan-Clicker.HTML.IFrame.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar ZIP: infected - 3 skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar CryptFF: infected - 3 skipped
D:\Program Files\Norton AntiVirus\Quarantine\292E7663.htm Infected: Trojan-Clicker.HTML.IFrame.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\18825CC9.exe Infected: Trojan-Downloader.Win32.Agent.aey skipped
D:\Program Files\Yahoo!\YPSR\Quarantine\ppqFB.tmp\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped

Scan process completed.

#23
02-08-2007, 10:56 AM
Gary Richardson

Hi Syd,

Kaspersky logs are always scary at first view, but actually your system is not so bad as the log looks. Many of the flagged items are locked because the parent process is still active, and thus they cannot be scanned. Can't see any Malicious processes among them, for the most part they are logs and Dat files for legit processes.

There are also a number of Quarantined items in Norton, these are encrypted and as such are no threat to your computer. But as you're wanting to remove Norton we'll delete them anyway.

There are however a couple of things that need looking at.

Download Pocket Killbox and install it to your Desktop. Do not run it yet.
  • First copy the filepaths in the box below to your clipboard, by highlighting them and pressing Ctrl+C.
Quote:
C:\goldcodec.997.exe
D:\WINDOWS\NDNuninstall6_98.exe
D:\Program Files\Yahoo!\YPSR\Quarantine\ppqFB.tmp\ACM.dll
  • Open Killbox and check a mark in the "RadioBox" which says Delete On Reboot
  • Click File > Paste from Clipboard.
  • Click All Files button.
  • Click on the Red button with a Cross, and answer Yes when prompted to Backup and Delete the pasted files.
  • Answer Yes when prompted to Reboot now.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, download and run missingfilesetup.exe. Then try Killbox again.

Now delete the contents of this folder (in bold).

C:\Program Files\Norton AntiVirus\Quarantine <- Do not delete the folder itself.

Download CCleaner to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click Next to accept the default location.
  • Uncheck Add CCleaner Yahoo Toolbar and use CCleaner from within IE
  • Click Install then Finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
    • On the Windows tab, under Internet Explorer uncheck Cookies if you do not want them deleted.
    • If you use either Firefox or Mozilla, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click the Options icon at the left side of the window, then click on Advanced.
    • Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Click the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you ever use the Issues feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

As you say your definitions for Norton are no longer current, the programme is no use at all, and you should remove it from your computer. Uninstalling Norton is known to give problems, so to best avoid these:

Go to HERE, downloading the Removal Tool to your computer (the one that comes with your copy of Norton is usually not very good).

Disconnect from the internet before Uninstalling Norton.

Double click on the tool to remove Norton from your computer.

Once uninstalled Reboot your computer before installing the AVG Anti-Virus you have already downloaded.

Now run a new HJT scan on your computer and post the log back here (there will probably STILL be components for Norton that need removing from your computer).

I could also do with an Uninstall list from you.

Creating an Uninstall List
  • Open HJT, and click on Config, followed by Misc Tools.
  • Click on Open Uninstall Manager, and then click on Save List.
  • This will create a file uninstall_list.txt and prompt you to save it to your HJT folder.
  • Save it please, and copy it to your next post.

We'll probably need to do another Kaspersky scan to make sure we've removed those items successfully, but I'd wait until we've got rid of Norton properly from your Computer before we do that.

Last edited by Gary Richardson; 02-08-2007 at 11:08 AM.
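
The triage Gary describes in the post above (locked files are simply unscannable, Norton's quarantine is inert, a few files need action), written out as an added Python example that is not part of the original thread. The function names and the rule that only Norton's quarantine folder counts as inert are assumptions drawn from his reply; the sample lines are an excerpt of Syd's report.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky Online Scanner report posted in the thread (not the full log).
SAMPLE_REPORT = r"""
C:\Program Files\Norton AntiVirus\Quarantine\021540D6.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F774C4B.htm Suspicious: Exploit.HTML.Mht skipped
C:\goldcodec.997.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.baz skipped
C:\goldcodec.997.exe/stream Infected: Trojan-Downloader.Win32.Zlob.baz skipped
C:\goldcodec.997.exe NSIS: infected - 2 skipped
C:\goldcodec.997.exe PE_Patch.UPX: infected - 2 skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
D:\WINDOWS\NDNuninstall6_98.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar ZIP: infected - 3 skipped
D:\Program Files\Yahoo!\YPSR\Quarantine\ppqFB.tmp\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
"""

# Row layout: <path> <status> <last action>. Paths may contain spaces,
# so the status text is what anchors the split.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<verdict>Infected|Suspicious): (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<wrapper>[\w.]+): infected - (?P<count>\d+)"
    r") (?P<action>\w+)$"
)

# Assumption taken from the reply: items already held in Norton's quarantine are inert.
INERT_DIRS = ("\\norton antivirus\\quarantine\\",)


def parse_entry(line):
    """Return a dict for one report row, or None if the row is not recognised."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    if m["locked"]:
        kind, detail = "locked", None
    elif m["wrapper"]:
        kind, detail = "container", m["wrapper"]  # NSIS, UPX, ZIP ... summary rows
    else:
        kind, detail = m["verdict"].lower(), m["name"]
    # Archive members are written as <file>/<member>; keep the file that is on disk.
    on_disk = m["path"].split("/", 1)[0]
    return {"path": m["path"], "file": on_disk, "kind": kind, "detail": detail}


def triage(report, inert_dirs=INERT_DIRS):
    """Split report rows into locked, inert (quarantined) and actionable files."""
    locked, unparsed = [], []
    inert, actionable = defaultdict(set), defaultdict(set)
    for line in report.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            unparsed.append(line)
        elif entry["kind"] == "locked":
            locked.append(entry["path"])  # in use, so not scanned: not a detection
        else:
            in_quarantine = any(d in entry["file"].lower() for d in inert_dirs)
            names = (inert if in_quarantine else actionable)[entry["file"]]
            if entry["kind"] != "container":
                names.add(entry["detail"])
    return {
        "locked": locked,
        "inert": {f: sorted(n) for f, n in inert.items()},
        "actionable": {f: sorted(n) for f, n in actionable.items()},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{len(result['locked'])} locked (in use, not scanned)")
    print(f"{len(result['inert'])} files already in Norton quarantine")
    for path, names in result["actionable"].items():
        print(f"ACTION {path}: {', '.join(names)}")
```

On this excerpt the actionable paths are the same three files Gary asks Syd to paste into Killbox.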

#24
02-08-2007, 10:31 PM
Syd

Ok Gary...whew! that was another marathon at the computer. I downloaded Killbox and deleted those three files. I then downloaded CCleaner and did exactly as you said except I couldn't find this:

Uncheck Only delete files in Windows Temp folders older than 48 hours.

So I ran the scan anyway and it deleted 168mb Wow! I have always just deleted my temporary files by right clicking on my C: drive and then clicking the clean button. And when I finished I checked back on your notes and found that the above button was under the Advanced Tab so I went and unchecked it. I ran scan again but it said there was nothing to be deleted. Do you think it will make a big difference?

Ok, then I downloaded the Removal Tool and that all went smoothly. (An aside here Gary: thank you for your very detailed, meticulously set out, exceptionally clear instructions - oh boy! does Microsoft need someone like you) The only thing it didn't remove was the desktop icon. I suppose I could just drag that into the recycle bin.

Next I installed AVG. I did as I was prompted. (If I sound very obedient here it is not, necessarily, that I always do as I am told. It is just that, in the matter of computers, I make no pretences about my ignorance). It asked me if I wanted to scan right there and then which I did but it was taking ages (you get to choose between a fast scan which uses more memory and a slow scan which uses less and, seeing that from now on I will be doing a daily scan - you have reformed me - I chose the slower one) and so I stopped the scan. Moreover I wanted to get you the next HJT log before I have to go out.

And here it is. Next I will do the Uninstall log as you said and then perhaps while I am out this afternoon I will let AVG do a scan but, don't worry, I won't let it fix anything. I will wait until I hear from you later.

Regards Syd


Logfile of HijackThis v1.99.1
Scan saved at 上午 11:54:41, on 2007/2/9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Wintab32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Grisoft\AVG Free\avgcc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - D:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.tw/
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DC897-A387-4AE6-AD76-E98EA833946F}: NameServer = 168.95.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Wintab32 - Unknown owner - D:\WINDOWS\system32\Wintab32.exe

#25
02-09-2007, 12:13 AM
Syd

Gary

Here is the Uninstall list as requested. Nope, it looks like Symantec is good and truly gone. Even I can tell that. Thanks to you I have become quite an expert on these things of late! LOL Don't worry I won't be giving out any advice!

Here is the log and I am running AVG at the moment. I shall wait for your instructions and perhaps run Kaspersky again tonight before I go to bed.

Sincerely Syd

ACDSee 5.0 PowerPack
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Photoshop 7.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
ArcSoft PhotoImpression
AVG Free Edition
CCleaner (remove only)
Curves 2 Demo
Dr.eye 譯典通 6.0 (專業版)
Dr.eye 譯典通 6.0 (專業版) 辭典和辭書
eDonkey2000
EPSON CardMonitor
EPSON Copy Utility
EPSON Copy Utility 3
EPSON Photo Print
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON TWAIN 5
EPSON Web-To-Page
ESCX3500 Reference Guide
ESCX3500 Software Guide
GML Matting 0.1
HijackThis 1.99.1
iTunes
Kaspersky Online Scanner
KnockOut 2
Macromedia Shockwave Player
Microsoft Office Word 2003 Step by Step
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Web Components
MSN Messenger 7.5
Neat Image v5.0 Pro+
Nero 6 Ultra Edition
Net Transport 1.93.276 with FTP Transport 0.91
Pando
Photo Resize Magic 1.0
PIF DESIGNER2.1
PowerDVD
QuickGamma 2.0.0.3
QuickTime
Random Word Generator
Realtek AC'97 Audio
ScanToWeb
SiS 650GX
Spybot - Search & Destroy 1.4
TuneUp Utilities 2006
USB Tablet Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 安全性更新 (KB911565)
Windows Media Player 10 安全性更新 (KB917734)
Windows Media Player 6.4 安全性更新 (KB925398)
Windows Media Player 安全性更新 (KB911564)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Windows XP 安全性更新 (KB890046)
Windows XP 安全性更新 (KB893066)
Windows XP 安全性更新 (KB893756)
Windows XP 安全性更新 (KB896358)
Windows XP 安全性更新 (KB896422)
Windows XP 安全性更新 (KB896423)
Windows XP 安全性更新 (KB896424)
Windows XP 安全性更新 (KB896428)
Windows XP 安全性更新 (KB896688)
Windows XP 安全性更新 (KB899587)
Windows XP 安全性更新 (KB899588)
Windows XP 安全性更新 (KB899591)
Windows XP 安全性更新 (KB900725)
Windows XP 安全性更新 (KB901017)
Windows XP 安全性更新 (KB901190)
Windows XP 安全性更新 (KB901214)
Windows XP 安全性更新 (KB902400)
Windows XP 安全性更新 (KB904706)
Windows XP 安全性更新 (KB905414)
Windows XP 安全性更新 (KB905749)
Windows XP 安全性更新 (KB905915)
Windows XP 安全性更新 (KB908519)
Windows XP 安全性更新 (KB908531)
Windows XP 安全性更新 (KB911280)
Windows XP 安全性更新 (KB911562)
Windows XP 安全性更新 (KB911567)
Windows XP 安全性更新 (KB911927)
Windows XP 安全性更新 (KB912812)
Windows XP 安全性更新 (KB912919)
Windows XP 安全性更新 (KB913446)
Windows XP 安全性更新 (KB913580)
Windows XP 安全性更新 (KB914388)
Windows XP 安全性更新 (KB914389)
Windows XP 安全性更新 (KB916281)
Windows XP 安全性更新 (KB917159)
Windows XP 安全性更新 (KB917344)
Windows XP 安全性更新 (KB917422)
Windows XP 安全性更新 (KB917953)
Windows XP 安全性更新 (KB918439)
Windows XP 安全性更新 (KB918899)
Windows XP 安全性更新 (KB919007)
Windows XP 安全性更新 (KB920213)
Windows XP 安全性更新 (KB920214)
Windows XP 安全性更新 (KB920670)
Windows XP 安全性更新 (KB920683)
Windows XP 安全性更新 (KB920685)
Windows XP 安全性更新 (KB921398)
Windows XP 安全性更新 (KB921883)
Windows XP 安全性更新 (KB922616)
Windows XP 安全性更新 (KB922760)
Windows XP 安全性更新 (KB922819)
Windows XP 安全性更新 (KB923191)
Windows XP 安全性更新 (KB923414)
Windows XP 安全性更新 (KB923689)
Windows XP 安全性更新 (KB923694)
Windows XP 安全性更新 (KB923980)
Windows XP 安全性更新 (KB924191)
Windows XP 安全性更新 (KB924270)
Windows XP 安全性更新 (KB924496)
Windows XP 安全性更新 (KB925454)
Windows XP 安全性更新 (KB925486)
Windows XP 安全性更新 (KB926255)
Windows XP 安全性更新 (KB929969)
Windows XP 更新 (KB894391)
Windows XP 更新 (KB896727)
Windows XP 更新 (KB898461)
Windows XP 更新 (KB900485)
Windows XP 更新 (KB910437)
Windows XP 更新 (KB916595)
Windows XP 更新 (KB920872)
Windows XP 更新 (KB922582)
World Machine 1.25 Basic Edition (remove only)
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo!奇摩捷徑列
ZoneAlarm
綜合所得稅結算電子申報繳稅系統

#26
02-09-2007, 02:18 AM
Gary Richardson

Post 1 of 2



Hi Syd,

Well as expected Norton didn't come out entirely cleanly, so we've got a service that needs removing.

First we'll need to disable Spybot's Tea-Timer facility, as it will interfere with what we're trying to do.

To disable Spybot S&D TeaTimer
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools -> Resident
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer.

OK, now to get down to removing the service.
  • Click Start > Run now type sc stop "Symantec Core LC" click OK.
  • Click Start > Run now type sc delete "Symantec Core LC" click OK.
Note: There is a space between sc and stop/delete, and a space between stop/delete and "Symantec Core LC"

Also note the "" and the spaces in the service name, they are important.


Now run a scan with HJT, when it is finished check the following item.

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Now close all open Windows and click Fix Checked to remove it.

Now find and delete the following folders (in bold).

D:\Program Files\Common Files\Symantec Shared
D:\Program Files\Symantec
(Note: Second folder may be named differently, but will be readily identifiable as a Norton/Symantec folder.)

Re-enable Spybot Tea-Timer.

To enable Spybot S&D TeaTimer
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools -> Resident
  • Check Resident TeaTimer and OK any prompts.

Now can you run another Kaspersky scan please, and send me the log for that and a new HJT log please.



Looking through your Uninstall list at the moment, if I find anything of concern I'll post further instructions.

Last edited by Gary Richardson; 02-09-2007 at 02:41 AM.

#27
02-09-2007, 02:40 AM
Gary Richardson

Post 2 of 2



Hi Syd,

OK looked through your Uninstall list.

I see you've got eDonkey2000 installed on your machine. P2P programmes in general are not a good idea from a security point of view, many of them come "packaged" with other undesirable programs (eDonkey is one of these), and even the "clean" packages are unsafe.

You are downloading programs from uncertified "servers" that you have no way to check, and a large amount of malware is spread this way.

My advice is to Uninstall eDonkey2000 using Add/Remove Programs in Control Panel.

If you really feel you just have to have a P2P program, check this page for details of unpackaged "clean" applications. http://p2p.malwareremoval.com/

The last entry in your Uninstall list is just a series of ??????????, this is probably because it is using Oriental Characters (Windows defaults to ? when it can't read the character), any idea what it might be? (Probably OK, but best to check as Malware sometimes uses this method as a means to avoid detection).

#28
02-09-2007, 08:54 AM
Syd

Gary you're a star for spending so much time on this. I really appreciate it. Thank you so much.

I opened the Advanced mode in Spybot and went to Tools>Resident but found that the Tea Timer was unchecked already! Don't know how that happened as it definitely isn't anything I would have fiddled with before. Anyway, so as there was no need to restart my computer I went straight to Run and executed the two commands you told me to. Then I did an HJT log but I couldn't find the entry you told me to look for. Just in case I am being a real idiot and it is staring me right in the face and I can't see it, I have included the HJT log for you to look at.

Will take your advice and remove eDonkey.

The last entry in the Uninstall log is a programme for submitting Income Tax online. It is in Chinese so you wouldn't have been able to read the characters. In fact there is quite a lot of Chinese in the Uninstall Log. My browser and Windows are all in Chinese so all those updates and service packs are too.

Here is the HJT log for you to check. I have no idea where that entry is.

I will start the Kaspersky scan now. Oh, and I ran AVG this afternoon and it found two viruses. It found and deleted two viruses. I didn't ask it to delete: it just did that on its own. Unfortunately you can't seem to save it as a log but I will type the details for you here. I think the one is just the entry for the virus that Killbox deleted. So that is pretty good, isn't it? It even deletes the reference to the virus! It makes me feel quite confident.

Object Name: goldcodec.997.exe
Object Path : D:\!KillBox\
Discovery : Trojan Horse Downloader.Zlob.DX
File size ; 50.57 KB (51779 bytes)

Object Name: A0048698.exe
Object Path : C:\System Voume Information\_restore{D341 39E 4-9BE4-4AEC
Discovery : Virus identified worm/Generic.VF
File size : 46.5 KB (47616 bytes)



sincerely Syd
Logfile of HijackThis v1.99.1
Scan saved at 下午 10:12:29, on 2007/2/9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Wintab32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Grisoft\AVG Free\avgcc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\conime.exe
D:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - D:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [UNINST1] rundll32 D:\DOCUME~1\user\LOCALS~1\Temp\UninstManager.dll,UninstallFinalizeFromNonMsiCaller {AC76BA86-0000-0000-0000-000000000000}
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.tw/
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DC897-A387-4AE6-AD76-E98EA833946F}: NameServer = 168.95.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Wintab32 - Unknown owner - D:\WINDOWS\system32\Wintab32.exe
  #29  
Old 02-09-2007, 09:57 AM
Gary Richardson Gary Richardson is offline
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Re: Gary - I need your help please!

OK,

Seems the registry entry was removed when we removed the service (HJT is not always 100% reliable in this regard), so no problem there.

The viruses found were as follows.

1. Was the backup file created by Killbox when you removed it, it is encrypted so no risk to you, the fact that AVG removed it is no problem as we're highly unlikely to want to restore it.

2. The other shows an infected restore point. Some infections contaminate your System Restore points. I usually wait till I'm sure your computer is clean before cleaning out your restore points, they can't infect you unless you perform a System Restore. Best to leave them till the end, just on the highly unlikely case that we screw something up, better an infected RP than no RP. No problem that AVG disinfected that entry.

Latest HJT log looks clean.

Can you run a new Kaspersky scan for me please, just so I can make sure everything's come off cleanly.
  #30  
Old 02-09-2007, 09:13 PM
Syd Syd is offline
Senior Member
 
Join Date: Mar 2006
Posts: 275
Re: Gary - I need your help please!

Ok Gary ran Kaspersky last night and this is what it came up with. It still found a whole lot but they all seem to be quarantined or locked so I suppose they are no threat?

I have also had the guy from the ADSL company around this morning (because my computer has just been going offline at will and I thought it might be related to some virus) but it seems my wireless connection box (the receiver thingy) might not be stable. Anyway he didn't have a spare with him (and of course when he was here it acted fine) but said if it continued I should phone him again and he will bring a replacement.

I will do another HJT scan and post the results immediately.

Sincerely Syd

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 10, 2007 8:22:55 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/02/2007
Kaspersky Anti-Virus database records: 266463
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 105423
Number of viruses found: 9
Number of infected objects: 16 / 0
Number of suspicious objects: 5
Duration of the scan process: 03:22:36

Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton AntiVirus\Quarantine\021540D6.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\02186AD3.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\000C2914.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F0D2860.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\26C147E1.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F774C4B.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F911C2E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30DE56C0.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30F252AA.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3137445E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\373A53AA.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\73203422.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3BA412CE.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\43AB3F35.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EA754D3.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\34B64E0B.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\06145256.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\06177C52.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\048E4A54.htm Infected: Trojan-Downloader.JS.IstBar.k skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\Temp\ZLT06d1e.TMP Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{A7735457-24AE-46A2-A21F-CEF090824478}.bin Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
D:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped
D:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\user\NTUSER.DAT.LOG Object is locked skipped
D:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007021020070211\index.dat Object is locked skipped
D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
D:\!KillBox\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
D:\!KillBox\NDNuninstall6_98.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

Scan process completed.
Reply With Quote top
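Whether the quarantined and locked entries in a report like the one above matter comes down to sorting each line by where the file lives. The following is an added example, not part of the thread or of any Kaspersky tool: the category names, the restore-point line and the `example.dll` line are constructed, and treating the Quarantine and !KillBox folders as contained copies is an assumption taken from the replies in this thread.

```python
import re
from collections import Counter

# Constructed sample in the report's "object / verdict / last action" layout.
# The restore-point and example.dll lines are invented for illustration.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton AntiVirus\Quarantine\021540D6.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F774C4B.htm Suspicious: Exploit.HTML.Mht skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\!KillBox\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\System Volume Information\_restore{EXAMPLE}\A0000001.exe Infected: Worm.Example.a skipped
D:\WINDOWS\system32\example.dll Infected: Trojan.Example.b skipped
"""

# Paths contain spaces, so the path is matched lazily up to the verdict text.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<status>Infected|Suspicious): (?P<name>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\w+)$"
)

def classify(path, locked):
    """Bucket a finding by location (bucket names are this example's own)."""
    p = path.lower()
    if locked:
        return "not-scanned"        # file was in use, so the scanner could not read it
    if "\\quarantine\\" in p:
        return "av-quarantine"      # copy held by another antivirus product
    if "\\!killbox\\" in p:
        return "killbox-backup"     # backup made when the file was removed
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # only matters if a System Restore is performed
    return "live"                   # detection on an ordinary path: look at this first

def triage(report):
    """Parse report text into a list of findings; non-matching lines are ignored."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        findings.append({
            "path": m.group("path"),
            "detection": m.group("name"),   # None for locked objects
            "bucket": classify(m.group("path"), bool(m.group("locked"))),
        })
    return findings

def summary(findings):
    """Count findings per bucket."""
    return Counter(f["bucket"] for f in findings)

def needs_action(findings):
    """Detections that are not inside a quarantine, backup or restore-point folder."""
    return [f for f in findings if f["bucket"] == "live"]

if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    print(dict(summary(results)))
    for f in needs_action(results):
        print("review:", f["path"], f["detection"])
```

Locked objects are reported as unscanned rather than clean, so they are kept in their own bucket instead of being dropped.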