#1
| Gary - I need your help please! My computer has been acting really slowly lately. This is probably, in part, due to the fact that my hard drive is less than one Gb away from being chock-a-block! I am trying to hang in there for a while until I can afford to buy a whole new system - I have had this one for almost five years now. Perhaps I should also tell you that my Norton Antivirus expired two months ago before I went on holiday and I still haven't got a new one. Whoops - don't scold me for that one! Also our apartment block is on a communal Internet connection. I have no idea how it works...all I know is that sometimes it is fast and sometimes it is slow. Am I in big trouble now and should I start backing up furiously? Usually when the computer starts crawling at a snail's pace then this screen comes up but then if I hit Refresh it will redirect me again. The last two days, however, it has been more offline than online. I am starting to get worried. Any advice? Thanks Gary or, in fact, anyone who might be able to explain to me what is going on. Sincerely Syd |
|
#2
| Re: Gary - I need your help please! Syd, While waiting for Gary or one of the other knowledgeable folks to come by, take a look at this thread -- http://www.retouchpro.com/forums/har...lp-please.html If you can back up really important files, do it -- not just because there's a problem, but because we always should do it. There are free programs to scan for spyware and viruses -- while you're waiting, take a look at those and run one. Read what Gary says about the Hijack log -- wait for him if you have any questions about how to do anything, but start thinking about whether you've added any software lately, hardware, downloaded any funny email or programs from the internet, etc. -- something that might help Gary figure out what might be going on. |
|
#3
| Re: Gary - I need your help please! Hi Syd, Your screen shot shows a url for my.yahoo.com. That's suspicious to begin with. Who would know how much bandwidth you are using and why would they warn you about it if it were a virus/worm? Looks like a pop up ad that hit its target. Always good advice to keep your system free of viruses and use a firewall. Last edited by BillFrey; 02-06-2007 at 02:55 AM. Reason: typed wrong name |
|
#5
| Re: Gary - I need your help please! oops, sorry, CJ. When I scrolled to see the op's name I didn't realize the posts were in reverse order. I'll fix my reply. Apologies! |
|
#6
| Re: Gary - I need your help please! First of all you need to get your system protected and scanned, below is a free anti-virus and a free firewall. Both work very well and have never failed me. Firewall: http://www.zonelabs.com/store/conten...eeDownload.jsp Anti-Virus: http://free.grisoft.com/doc/5390/lng...nti-virus-free Then the next thing I would do is get shut of the Yahoo toolbar you have installed in IE6. Toolbars are never a good thing IMHO. Run Windows updates, and make sure you are fully up to date with those. If you can, update to IE7, as it is a bit more secure than IE6. If you can back up your files to CD/DVD and delete them from your system, this will help speed up your system. If you do that, defrag your hard drive after, to clean up the file placement on the drive. |
|
#7
| Re: Gary - I need your help please! CJ, Chris and Bill thanks so much for your advice. You guys are great. CJ, I am following Gary's advice in that thread right now and hopefully will have something to post for him soon. Chris, I do have Zonealarm and I will look into that Antivirus programme. My colleague at work mentioned AVG. It is free and, according to him, very good too. I had no idea that the toolbar might cause problems. I wouldn't even know how to remove it. Bill, I would never have thought to look at the URL. It looked so official to me and I just kept on wondering who or what Bandwidth Manager was! Thanks guys. Sincerely Syd |
|
#8
| Re: Gary - I need your help please! Hi Syd Sorry to hear you are having problems. I am sure that Gary will need to see your HJT log. You could upload it whilst waiting for Gary if you want to save a little time. Here are the instructions to post your log. Click here to download HJTsetup.exe, and save it to your desktop.
Ken. |
|
#9
| Re: Gary - I need your help please! Thanks so much Ken. Ok I have done everything as you have instructed and here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 下午 10:29:04, on 2007/2/6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Wintab32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\conime.exe
D:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - D:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用影音傳送帶下載 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.tw/
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DC897-A387-4AE6-AD76-E98EA833946F}: NameServer = 168.95.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Wintab32 - Unknown owner - D:\WINDOWS\system32\Wintab32.exe

I haven't fixed anything just like you advised me to. Thanks so much for your help. Sincerely Syd |
|
#10
| Re: Gary - I need your help please! Right click My Computer, then click Manage. This will bring up the Computer Management window. Expand System Tools then click Event Viewer. Double click System in the Right Hand pane. Look for any Error indications (white cross on red background). If found, double click the entry and an Event Property window will open. We need details from that window, particularly the Event ID. _________________ Ok, I did this too and I have only one error: ID 4321 Syd |
|
#11
| Re: Gary - I need your help please! Hi Syd You do have some nasties in there. I am still in training at the Malware University and not yet allowed to help you, but I would suggest you do nothing more until Gary replies or he will need a fresh HJT log. I shall watch with interest as Gary fixes this. Ken. |
|
#12
| Re: Gary - I need your help please! Thanks Ken. I won't touch anything. I am too scared to! What I am doing right now is downloading the AVG Antivirus programme but I am not going to install it or uninstall Norton or anything like that. I am going to wait for Gary first. It is 11:15 at night over here so I will probably be going to bed in the next 45 mins or so and, therefore, might not receive any advice you or anyone else might give until tomorrow morning. Sincerely Syd |
|
#13
| Re: Gary - I need your help please! Hi Syd, Sorry I'm a bit late getting to this, had a few problems lately that needed dealing with, so just got on line. Before we get started I've a couple of questions. 1. Is Hinet, Chungwa Telecom Co. Ltd. Taipei, Taiwan anything to do with your ISP (Internet Service Provider)? 2. How is Synnex concerned with your PC? I see some Oriental Translation programmes running on your computer, so I'm guessing the first is legit, but I'll await your answers. You're using your D:\ drive as your default drive, so my auto systems weren't able to be used and I had to research your log manually, so that added a little time. OK, had a look through your log, and it's mostly clean, however there's an item showing that I'm interested in. I'd like you to check a file(s) for Viruses.
Quote:
It's quite possible you have Rootkitted processes running on your computer, so I'd like you to run some scans for me. Download GMER and unzip it to your Desktop. (It will create a folder GMER) Alternate Download Site
Please do an online scan with Kaspersky Online Scanner. Note: You must be using Internet Explorer as your browser as it will be necessary to install an ActiveX component to your computer. Important: If you have previously used Kaspersky Online Scanner (before 8th Aug 2006), you will have to uninstall the old version using Add/Remove Programs in Control Panel before you can use the new version. Click on Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Post each log separately, so we don't exceed the post size limiter here. Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted. Last edited by Gary Richardson; 02-07-2007 at 09:26 AM. |
|
#14
| Re: Gary - I need your help please! Gary, firstly thank you so much for responding in such a detailed way. You're a star! Before we get started I've a couple of questions. 1. Is Hinet, Chungwa Telecom Co. Ltd. Taipei, Taiwan anything to do with your ISP (Internet Service Provider). 2. How is Synnex concerned with your PC. In response to 1 - Yes, Hinet is our ISP and Chungwa is the local Telecom company. Gary I am not sure what Synnex is. It sounds like something to do with Norton...or is that Symantec? Ok, the rest I will get onto right away. I am not sure how much I will be able to finish tonight (it is already after 12) but hopefully I should have everything posted by tomorrow afternoon. Thanks again for your willingness to help Gary. Sincerely Syd |
|
#15
| Re: Gary - I need your help please! Synnex is the website that this entry on your computer connects to. O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.tw/ It is what IE uses when it resets to default conditions, usually it is set by the computer manufacturer or machine administrator, but it can be used by an attacker for malicious purposes. In this case Synnex appears to be the retailer for your computer, (didn't find this info 1st time round), so the entry is likely to be legit. Just like to confirm things like this with the owner of the log I'm looking at. Always happy to help where I can, I'm monitoring this thread, so I'll be notified when you next post. |
|
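The entries Gary asks about in this post are the ones that point the machine at an outside host. As an added example (not part of the original thread, and not a HijackThis feature), the Python below pulls those entries out of a HijackThis log and also lists entries carrying the log's own "(file missing)" and "Unknown owner" markers. The sample lines are copied from the log posted earlier in the thread; the function names are illustrative.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.tw/
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DC897-A387-4AE6-AD76-E98EA833946F}: NameServer = 168.95.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Wintab32 - Unknown owner - D:\WINDOWS\system32\Wintab32.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry is "<section code> - <rest>", e.g. "O14 - IERESET.INF: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Host part of any http/https URL, case-insensitive ("Http://" occurs in O14).
URL_RE = re.compile(r"(?i)\bhttps?://([^/\s:]+)")
# O17 lines carry DNS settings as "NameServer = a.b.c.d[,e.f.g.h]".
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_entries(text):
    """Return [(section_code, body)] for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def external_references(entries):
    """List the outside hosts the log refers to, with the entry they came from.

    These are the settings worth confirming with the machine's owner:
    a start page, a trusted site, a download source, a DNS server.
    """
    refs = []
    for code, body in entries:
        m = NAMESERVER_RE.search(body)
        if m:
            for addr in re.split(r"[,\s]+", m.group(1).strip()):
                refs.append((code, "nameserver", addr))
            continue
        for host in URL_RE.findall(body):
            refs.append((code, "url-host", host.lower()))
    return refs


def needs_manual_check(entries):
    """Entries where the log itself reports a missing file or no vendor name."""
    markers = ("(file missing)", "Unknown owner")
    return [(code, body) for code, body in entries
            if any(marker in body for marker in markers)]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, kind, value in external_references(parsed):
        print(f"{code:4} {kind:10} {value}")
    for code, body in needs_manual_check(parsed):
        print(f"check {code}: {body}")
```
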
#16
| Re: Gary - I need your help please! Ok Gary here is the first of your requests. Sorry I didn't know how to post the log except by hitting print screen and taking it into photoshop. I have already downloaded gmer (sounds a bit like Khmer Rouge - lol) and will set about scanning immediately. If it takes a long time I will likely only post the results in the morning. Thanks Gary Syd |
|
#17
| Re: Gary - I need your help please! GMER is a Rootkit scanner, its name comes from its creator, a Polish programmer Przemyslaw Gmerek, it's one of the best. Screen print of the Virus Total page is fine. OK, looks like the conime.exe file is the legit Windows file, had to check as there is a Remote access programme BFGhost which uses a file of the same name, as far as I know in the same location (information I found wasn't too specific on this point). |
|
#18
| Re: Gary - I need your help please! I was curious and googled and found this info that might apply. Quote:
|
|
#19
| Re: Gary - I need your help please! Thanks Bill, I was aware of the legit Windows file, but where there is any doubt that it may have been replaced with a malicious file I always like to check by having the file scanned as Syd did. |
|
#20
| Re: Gary - I need your help please! Ok Gary here is the GMER report:

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-08 01:08:52
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT 8119FC20 ZwConnectPort
SSDT \??\D:\WINDOWS\system32\vsdatant.sys ZwOpenProcess
SSDT FFA458C0 ZwOpenThread

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [EFA06E90] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [EFA06E90] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [EFA00B50] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLOSE [EFA00B50] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_DEVICE_CONTROL [EFA00B50] vsdatant.sys
Device \Driver\AFD \Device\Afd FastIoDeviceControl [EFA00510] vsdatant.sys

---- EOF - GMER 1.0.12 ----

Thanks for your help Gary. I am doing the Kaspersky scan right now but it looks like it is going to take ages and it has slowed my computer down to a snail's pace. I will post the results later. Thanks Syd |
|
#21
| Re: Gary - I need your help please! OK, that's clean as well, vsdatant is the driver for Zone Alarm (didn't need to look that one up as I have ZA on my box). Yes a Kaspersky scan is definitely an exercise in patience and can sometimes take hours, however it is very thorough and gives a very good log, also it doesn't "clean" anything so we don't have to worry about it doing any damage by removing something we'd later wish it hadn't. |
|
#22
| Re: Gary - I need your help please! Ok Gary here it is. It took a while and it seems that my computer is indeed infected. What do you think I should do? I went and downloaded the AVG Free Antivirus Programme off the Net on Tuesday but as of yet haven't installed it. My Norton is still operational even though it can't be updated because it has expired. I know I will have to uninstall Norton before I install the new one. Anyway I won't do anything until I have heard from you. As always thanks so much for your time and patience Gary. Sincerely Syd

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 08, 2007 9:11:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/02/2007
Kaspersky Anti-Virus database records: 265913
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 119526
Number of viruses found: 13
Number of infected objects: 29 / 0
Number of suspicious objects: 5
Duration of the scan process: 04:19:53

Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton AntiVirus\Quarantine\021540D6.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\02186AD3.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\000C2914.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F0D2860.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\26C147E1.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F774C4B.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F911C2E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30DE56C0.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\30F252AA.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\3137445E.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\373A53AA.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\73203422.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3BA412CE.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\43AB3F35.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EA754D3.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\34B64E0B.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\06145256.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\06177C52.class Infected: Trojan.Java.ClassLoader.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\048E4A54.htm Infected: Trojan-Downloader.JS.IstBar.k skipped
C:\goldcodec.997.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.baz skipped
C:\goldcodec.997.exe/stream Infected: Trojan-Downloader.Win32.Zlob.baz skipped
C:\goldcodec.997.exe NSIS: infected - 2 skipped
C:\goldcodec.997.exe UPX: infected - 2 skipped
C:\goldcodec.997.exe PE_Patch.UPX: infected - 2 skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\Temp\ZLT0657f.TMP Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
D:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped
D:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
D:\WINDOWS\NDNuninstall6_98.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
D:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\user\NTUSER.DAT.LOG Object is locked skipped
D:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
D:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
D:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
D:\Program Files\Norton AntiVirus\Quarantine\2924786E.htm Infected: Trojan-Clicker.HTML.IFrame.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar ZIP: infected - 3 skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar CryptFF: infected - 3 skipped
D:\Program Files\Norton AntiVirus\Quarantine\292E7663.htm Infected: Trojan-Clicker.HTML.IFrame.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\18825CC9.exe Infected: Trojan-Downloader.Win32.Agent.aey skipped
D:\Program Files\Yahoo!\YPSR\Quarantine\ppqFB.tmp\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped

Scan process completed. |
|
#23
| Re: Gary - I need your help please! Hi Syd, Kaspersky logs are always scary at first view, but actually your system is not so bad as the log looks. Many of the flagged items are locked because the parent process is still active, and thus they cannot be scanned. Can't see any Malicious processes among them, for the most part they are logs and Dat files for legit processes. There are also a number of Quarantined items in Norton, these are encrypted and as such are no threat to your computer. But as you're wanting to remove Norton we'll delete them anyway. There are however a couple of things that need looking at. Download Pocket Killbox and install it to your Desktop. Do not run it yet.
Quote:
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, download and run missingfilesetup.exe. Then try Killbox again. Now delete the contents of this folder (in bold). C:\Program Files\Norton AntiVirus\Quarantine <- Do not delete the folder itself. Download CCleaner to clean temp files from your computer.
As you say your definitions for Norton are no longer current, the programme is no use at all, and you should remove it from your computer. Uninstalling Norton is known to give problems, so to best avoid these. Go to HERE, downloading the Removal Tool to your computer (the one that comes with your copy of Norton is usually not very good). Disconnect from the internet before Uninstalling Norton. Double click on the tool to remove Norton from your computer. Once uninstalled Reboot your computer before installing the AVG Anti-Virus you have already downloaded. Now run a new HJT scan on your computer and post the log back here (there will probably STILL be components for Norton that need removing from your computer). I could also do with an Uninstall list from you. Creating an Uninstall List
We'll probably need to do another Kaspersky scan to make sure we've removed those items successfully, but I'd wait until we've got rid of Norton properly from your Computer before we do that. Last edited by Gary Richardson; 02-08-2007 at 11:08 AM. |
|
#24
| |||
| |||
| Re: Gary - I need your help please! Ok Gary...whew! That was another marathon at the computer. I downloaded Killbox and deleted those three files. I then downloaded CCleaner and did exactly as you said except I couldn't find this: Uncheck Only delete files in Windows Temp folders older than 48 hours. So I ran the scan anyway and it deleted 168mb. Wow! I have always just deleted my temporary files by right clicking on my C: drive and then clicking the clean button. And when I finished I checked back on your notes and found that the above button was under the Advanced Tab so I went and unchecked it. I ran the scan again but it said there was nothing to be deleted. Do you think it will make a big difference? Ok, then I downloaded the Removal Tool and that all went smoothly. (An aside here Gary: thank you for your very detailed, meticulously set out, exceptionally clear instructions - oh boy! does Microsoft need someone like you) The only thing it didn't remove was the desktop icon. I suppose I could just drag that into the recycle bin. Next I installed AVG. I did as I was prompted. (If I sound very obedient here it is not, necessarily, that I always do as I am told. It is just that, in the matter of computers, I make no pretences about my ignorance). It asked me if I wanted to scan right there and then which I did but it was taking ages (you get to choose between a fast scan which uses more memory and a slow scan which uses less and, seeing that from now on I will be doing a daily scan - you have reformed me - I chose the slower one) and so I stopped the scan. Moreover I wanted to get you the next HJT log before I have to go out. And here it is. Next I will do the Uninstall log as you said and then perhaps while I am out this afternoon I will let AVG do a scan but, don't worry, I won't let it fix anything. I will wait until I hear from you later. 
Regards Syd Logfile of HijackThis v1.99.1 Scan saved at 上午 11:54:41, on 2007/2/9 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Wintab32.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe D:\WINDOWS\system32\ZONELABS\vsmon.exe D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe D:\Program Files\QuickTime\qttask.exe D:\WINDOWS\system32\ctfmon.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\Program Files\Grisoft\AVG Free\avgcc.exe D:\Program Files\Internet Explorer\iexplore.exe D:\HJT\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - D:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500" O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Yahoo! 
Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Download all by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.tw/ O15 - Trusted Zone: http://office.microsoft.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DC897-A387-4AE6-AD76-E98EA833946F}: NameServer = 168.95.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, 
s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe O23 - Service: Wintab32 - Unknown owner - D:\WINDOWS\system32\Wintab32.exe |
|
#25
| |||
| |||
| Re: Gary - I need your help please! Gary, here is the Uninstall list as requested. Nope, it looks like Symantec is good and truly gone. Even I can tell that. Thanks to you I have become quite an expert on these things of late! LOL Don't worry I won't be giving out any advice! Here is the log and I am running AVG at the moment. I shall wait for your instructions and perhaps run Kaspersky again tonight before I go to bed. Sincerely Syd ACDSee 5.0 PowerPack Adobe Acrobat 5.0 Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Common File Installer Adobe Flash Player 9 ActiveX Adobe Help Center 1.0 Adobe Illustrator CS Adobe Photoshop 7.0 Adobe Photoshop CS Adobe Photoshop CS2 Adobe Stock Photos 1.0 Adobe SVG Viewer 3.0 ArcSoft PhotoImpression AVG Free Edition CCleaner (remove only) Curves 2 Demo Dr.eye 譯典通 6.0 (專業版) Dr.eye 譯典通 6.0 (專業版) 辭典和辭書 eDonkey2000 EPSON CardMonitor EPSON Copy Utility EPSON Copy Utility 3 EPSON Photo Print EPSON PhotoQuicker3.5 EPSON PhotoStarter3.1 EPSON PRINT Image Framer Tool2.1 EPSON Printer Software EPSON Scan EPSON Smart Panel EPSON TWAIN 5 EPSON Web-To-Page ESCX3500 Reference Guide ESCX3500 Software Guide GML Matting 0.1 HijackThis 1.99.1 iTunes Kaspersky Online Scanner KnockOut 2 Macromedia Shockwave Player Microsoft Office Word 2003 Step by Step Microsoft Office XP Professional with FrontPage Microsoft Office XP Web Components MSN Messenger 7.5 Neat Image v5.0 Pro+ Nero 6 Ultra Edition Net Transport 1.93.276 with FTP Transport 0.91 Pando Photo Resize Magic 1.0 PIF DESIGNER2.1 PowerDVD QuickGamma 2.0.0.3 QuickTime Random Word Generator Realtek AC'97 Audio ScanToWeb SiS 650GX Spybot - Search & Destroy 1.4 TuneUp Utilities 2006 USB Tablet Driver Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 安全性更新 (KB911565) Windows Media Player 10 安全性更新 (KB917734) Windows Media Player 6.4 安全性更新 (KB925398) Windows Media Player 安全性更新 (KB911564) 
Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB886677 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 Windows XP 安全性更新 (KB890046) Windows XP 安全性更新 (KB893066) Windows XP 安全性更新 (KB893756) Windows XP 安全性更新 (KB896358) Windows XP 安全性更新 (KB896422) Windows XP 安全性更新 (KB896423) Windows XP 安全性更新 (KB896424) Windows XP 安全性更新 (KB896428) Windows XP 安全性更新 (KB896688) Windows XP 安全性更新 (KB899587) Windows XP 安全性更新 (KB899588) Windows XP 安全性更新 (KB899591) Windows XP 安全性更新 (KB900725) Windows XP 安全性更新 (KB901017) Windows XP 安全性更新 (KB901190) Windows XP 安全性更新 (KB901214) Windows XP 安全性更新 (KB902400) Windows XP 安全性更新 (KB904706) Windows XP 安全性更新 (KB905414) Windows XP 安全性更新 (KB905749) Windows XP 安全性更新 (KB905915) Windows XP 安全性更新 (KB908519) Windows XP 安全性更新 (KB908531) Windows XP 安全性更新 (KB911280) Windows XP 安全性更新 (KB911562) Windows XP 安全性更新 (KB911567) Windows XP 安全性更新 (KB911927) Windows XP 安全性更新 (KB912812) Windows XP 安全性更新 (KB912919) Windows XP 安全性更新 (KB913446) Windows XP 安全性更新 (KB913580) Windows XP 安全性更新 (KB914388) Windows XP 安全性更新 (KB914389) Windows XP 安全性更新 (KB916281) Windows XP 安全性更新 (KB917159) Windows XP 安全性更新 (KB917344) Windows XP 安全性更新 (KB917422) Windows XP 安全性更新 (KB917953) Windows XP 安全性更新 (KB918439) Windows XP 安全性更新 (KB918899) Windows XP 安全性更新 (KB919007) Windows XP 安全性更新 (KB920213) Windows XP 安全性更新 (KB920214) Windows XP 安全性更新 (KB920670) Windows XP 安全性更新 (KB920683) Windows XP 安全性更新 (KB920685) Windows XP 安全性更新 (KB921398) Windows XP 安全性更新 (KB921883) Windows XP 安全性更新 (KB922616) Windows XP 安全性更新 (KB922760) Windows XP 安全性更新 (KB922819) Windows XP 安全性更新 (KB923191) Windows XP 安全性更新 (KB923414) Windows XP 安全性更新 (KB923689) Windows XP 安全性更新 
(KB923694) Windows XP 安全性更新 (KB923980) Windows XP 安全性更新 (KB924191) Windows XP 安全性更新 (KB924270) Windows XP 安全性更新 (KB924496) Windows XP 安全性更新 (KB925454) Windows XP 安全性更新 (KB925486) Windows XP 安全性更新 (KB926255) Windows XP 安全性更新 (KB929969) Windows XP 更新 (KB894391) Windows XP 更新 (KB896727) Windows XP 更新 (KB898461) Windows XP 更新 (KB900485) Windows XP 更新 (KB910437) Windows XP 更新 (KB916595) Windows XP 更新 (KB920872) Windows XP 更新 (KB922582) World Machine 1.25 Basic Edition (remove only) Yahoo! Anti-Spy Yahoo! extras Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo!奇摩捷徑列 ZoneAlarm 綜合所得稅結算電子申報繳稅系統 |
|
#26
| ||||
| ||||
| Re: Gary - I need your help please! Post 1 of 2 Hi Syd, Well as expected Norton didn't come out entirely cleanly, so we've got a service that needs removing. First we'll need to disable Spybot's Tea-Timer facility, as it will interfere with what we're trying to do. To disable Spybot S&D TeaTimer
OK, now to get down to removing the service.
Also note the "" and the spaces in the service name, they are important. Now run a scan with HJT, when it is finished check the following item. O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Now close all open Windows and click Fix Checked to remove it. Now find and delete the following folders (in bold). D:\Program Files\Common Files\Symantec Shared D:\Program Files\Symantec (Note: Second folder may be named differently, but will be readily identifiable as a Norton/Symantec folder.) Re-enable Spybot Tea-Timer. To enable Spybot S&D TeaTimer
Now can you run another Kaspersky scan please, and send me the log for that and a new HJT log please. Looking through your Uninstall list at the moment, if I find anything of concern I'll post further instructions. Last edited by Gary Richardson; 02-09-2007 at 02:41 AM. |
|
#27
| ||||
| ||||
| Re: Gary - I need your help please! Post 2 of 2 Hi Syd, OK looked through your Uninstall list. I see you've got eDonkey2000 installed on your machine. P2P programmes in general are not a good idea from a security point of view, many of them come "packaged" with other undesirable programs (eDonkey is one of these), and even the "clean" packages are unsafe. You are downloading programs from uncertified "servers" that you have no way to check, and a large amount of malware is spread this way. My advice is to Uninstall eDonkey2000 using Add/Remove Programs in Control Panel. If you really feel you just have to have a P2P program, check this page for details of unpackaged "clean" applications. http://p2p.malwareremoval.com/ The last entry in your Uninstall list is just a series of ??????????, this is probably because it is using Oriental Characters (Windows defaults to ? when it can't read the character), any idea what it might be? (Probably OK, but best to check as Malware sometimes uses this method as a means to avoid detection). |
|
#28
| |||
| |||
| Re: Gary - I need your help please! Gary you're a star for spending so much time on this. I really appreciate it. Thank you so much. I opened the Advanced mode in Spybot and went to Tools>Resident but found that the Tea Timer was unchecked already! Don't know how that happened as it definitely isn't anything I would have fiddled with before. Anyway, so as there was no need to restart my computer I went straight to Run and executed the two commands you told me to. Then I did an HJT log but I couldn't find the entry you told me to look for. Just in case I am being a real idiot and it is staring me right in the face and I can't see it, I have included the HJT log for you to look at. Will take your advice and remove eDonkey. The last entry in the Uninstall log is a programme for submitting Income Tax online. It is in Chinese so you wouldn't have been able to read the characters. In fact there is quite a lot of Chinese in the Uninstall Log. My browser and Windows are all in Chinese so all those updates and service packs are too. Here is the HJT log for you to check. I have no idea where that entry is. I will start the Kaspersky scan now. Oh, and I ran AVG this afternoon and it found two viruses. It found and deleted two viruses. I didn't ask it to delete: it just did that on its own. Unfortunately you can't seem to save it as a log but I will type the details for you here. I think the one is just the entry for the virus that Killbox deleted. So that is pretty good, isn't it? It even deletes the reference to the virus! It makes me feel quite confident. 
Object Name: goldcodec.997.exe Object Path : D:\!KillBox\ Discovery : Trojan Horse Downloader.Zlob.DX File size ; 50.57 KB (51779 bytes) Object Name: A0048698.exe Object Path : C:\System Voume Information\_restore{D341 39E 4-9BE4-4AEC Discovery : Virus identified worm/Generic.VF File size : 46.5 KB (47616 bytes) sincerely Syd Logfile of HijackThis v1.99.1 Scan saved at 下午 10:12:29, on 2007/2/9 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Wintab32.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\ZONELABS\vsmon.exe D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe D:\Program Files\QuickTime\qttask.exe D:\WINDOWS\system32\ctfmon.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\Program Files\Grisoft\AVG Free\avgcc.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\system32\conime.exe D:\HJT\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - D:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500" O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\RunOnce: [UNINST1] rundll32 D:\DOCUME~1\user\LOCALS~1\Temp\UninstManager.dll,UninstallFinalizeFromNonMsiCaller {AC76BA86-0000-0000-0000-000000000000} O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Yahoo! 
Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Download all by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.tw/ O15 - Trusted Zone: http://office.microsoft.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DC897-A387-4AE6-AD76-E98EA833946F}: NameServer = 168.95.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe O23 - Service: Wintab32 - Unknown owner - D:\WINDOWS\system32\Wintab32.exe |
|
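Comparing the two HijackThis logs posted in #24 and #28 is a quick way to confirm that the Symantec service is gone and to see what else changed between scans. The following Python is an added example, not part of the thread or of HijackThis; it assumes the normal one-entry-per-line log layout, and the two sample logs are shortened copies of the logs above.

```python
import re

# HijackThis entry lines start with a section code such as O4, O23, R1, F2 or N3.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its coded entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False  # the process list ends where coded entries begin
            entries.append((m["code"], m["body"]))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def items(text):
    """Flatten a log into comparable strings, keeping the order of the log."""
    log = parse_hjt(text)
    return [f"PROC - {p}" for p in log["processes"]] + [
        f"{code} - {body}" for code, body in log["entries"]
    ]


def diff_logs(before, after):
    """Return what disappeared and what appeared between two scans."""
    b, a = items(before), items(after)
    b_keys = {x.casefold() for x in b}
    a_keys = {x.casefold() for x in a}
    return {
        "removed": [x for x in b if x.casefold() not in a_keys],
        "added": [x for x in a if x.casefold() not in b_keys],
    }


def leftovers(text, markers):
    """List processes and entries that still mention an uninstalled product."""
    wanted = [m.casefold() for m in markers]
    return [i for i in items(text) if any(w in i.casefold() for w in wanted)]


def missing_files(text):
    """Entries that HijackThis itself marked as pointing at a missing file."""
    return [i for i in items(text) if i.endswith("(file missing)")]


# Shortened copies of the logs from posts #24 (BEFORE) and #28 (AFTER).
BEFORE = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\system32\services.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\conime.exe

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [UNINST1] rundll32 D:\DOCUME~1\user\LOCALS~1\Temp\UninstManager.dll,UninstallFinalizeFromNonMsiCaller {AC76BA86-0000-0000-0000-000000000000}
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, "Symantec/Norton leftovers:", leftovers(log, ("symantec", "norton")))
    for change, lines in diff_logs(BEFORE, AFTER).items():
        for line in lines:
            print(change, "|", line)
```
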
#29
| ||||
| ||||
| Re: Gary - I need your help please! OK, Seems the registry entry was removed when we removed the service (HJT is not always 100% reliable in this regard), so no problem there. The viruses found were as follows. 1. Was the backup file created by Killbox when you removed it, it is encrypted so no risk to you, the fact that AVG removed it is no problem as we're highly unlikely to want to restore it. 2. The other shows an infected restore point. Some infections contaminate your System Restore points. I usually wait till I'm sure your computer is clean before cleaning out your restore points, they can't infect you unless you perform a System Restore. Best to leave them till the end, just on the highly unlikely case that we screw something up, better an infected RP than no RP. No problem that AVG disinfected that entry. Latest HJT log looks clean. Can you run a new Kaspersky scan for me please, just so I can make sure everything's come off cleanly. |
|
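The triage reasoning in posts #23 and #29 (locked objects were never scanned, detections inside an antivirus quarantine or the Killbox backup folder are stored copies, restore-point hits stay dormant unless a System Restore is performed) can be applied to a report mechanically. The following Python is an added example, not part of the thread or of Kaspersky's tooling; it assumes one report entry per line, and the restore-point and "active" sample lines are constructed.

```python
import re

# One entry per line: <path> <verdict> <last action>. The verdict has three shapes:
# "Infected: <name>" / "Suspicious: <name>", "Object is locked", or an archive
# summary such as "ZIP: infected - 3".
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<kind>Infected|Suspicious):\s+(?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>\w+):\s+infected\s+-\s+(?P<count>\d+))"
    r"\s+(?P<action>\w+)\s*$"
)

# Folders treated as containment. This is a path-only check: it assumes anything in
# these folders is a copy stored by the security tool, as described in the thread.
CONTAINMENT = (
    re.compile(r"\\quarantine\\", re.I),       # antivirus quarantine stores
    re.compile(r"^[a-z]:\\!killbox\\", re.I),  # Killbox backup folder
)
RESTORE_POINT = re.compile(r"\\system volume information\\_restore", re.I)

BUCKETS = ("active", "restore_point", "contained", "locked", "archive_summary", "unparsed")


def classify(line):
    """Parse one report line; return None for headers and other non-entry lines."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    name = m["name"]
    entry = {
        "path": m["path"],
        "name": name,
        "action": m["action"],
        # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
        "riskware": bool(name and name.startswith("not-a-virus:")),
    }
    if m["locked"]:
        entry["bucket"] = "locked"            # file in use, so it was not scanned
    elif m["archive"]:
        entry["bucket"] = "archive_summary"   # per-archive total, members listed separately
    elif any(p.search(m["path"]) for p in CONTAINMENT):
        entry["bucket"] = "contained"
    elif RESTORE_POINT.search(m["path"]):
        entry["bucket"] = "restore_point"     # clean out last, once the system is clean
    else:
        entry["bucket"] = "active"            # detection on a live path: needs action
    return entry


def triage(report_text):
    """Group every non-blank report line into one of BUCKETS."""
    buckets = {b: [] for b in BUCKETS}
    for line in report_text.splitlines():
        if not line.strip():
            continue
        entry = classify(line)
        if entry is None:
            buckets["unparsed"].append(line.strip())
        else:
            buckets[entry.pop("bucket")].append(entry)
    return buckets


# Sample report. The last two entries before the footer are constructed; the rest
# are copied from the reports posted in the thread.
SAMPLE_REPORT = r"""Infected Object Name / Virus Name / Last Action
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\2927226A.jar ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F774C4B.htm Suspicious: Exploit.HTML.Mht skipped
D:\!KillBox\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\System Volume Information\_restore{CONSTRUCTED}\RP1\A0000001.exe Infected: Worm.Constructed.a skipped
D:\Example\constructed.exe Infected: Trojan.Constructed.a skipped
Scan process completed.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket in BUCKETS:
        print(f"{bucket:16} {len(result[bucket])}")
    for entry in result["active"]:
        print("needs action:", entry["path"], entry["name"])
```
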
#30
| |||
| |||
| Re: Gary - I need your help please! Ok Gary, ran Kaspersky last night and this is what it came up with. It still found a whole lot but they all seem to be quarantined or locked so I suppose they are no threat? I have also had the guy from the ADSL company around this morning (because my computer has just been going offline at will and I thought it might be related to some virus) but it seems my wireless connection box (the receiver thingy) might not be stable. Anyway he didn't have a spare with him (and of course when he was here it acted fine) but said if it continued I should phone him again and he will bring a replacement. I will do another HJT scan and post the results immediately. Sincerely Syd ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, February 10, 2007 8:22:55 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 9/02/2007 Kaspersky Anti-Virus database records: 266463 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 105423 Number of viruses found: 9 Number of infected objects: 16 / 0 Number of suspicious objects: 5 Duration of the scan process: 03:22:36 Infected Object Name / Virus Name / Last Action C:\Program Files\Norton AntiVirus\Quarantine\021540D6.class Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\02186AD3.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\000C2914.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\2F0D2860.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped 
C:\Program Files\Norton AntiVirus\Quarantine\26C147E1.class Infected: Trojan.Java.ClassLoader.v skipped C:\Program Files\Norton AntiVirus\Quarantine\2F774C4B.htm Suspicious: Exploit.HTML.Mht skipped C:\Program Files\Norton AntiVirus\Quarantine\2F911C2E.htm Suspicious: Exploit.HTML.Mht skipped C:\Program Files\Norton AntiVirus\Quarantine\30DE56C0.htm Suspicious: Exploit.HTML.Mht skipped C:\Program Files\Norton AntiVirus\Quarantine\30F252AA.htm Suspicious: Exploit.HTML.Mht skipped C:\Program Files\Norton AntiVirus\Quarantine\3137445E.htm Suspicious: Exploit.HTML.Mht skipped C:\Program Files\Norton AntiVirus\Quarantine\373A53AA.class Infected: Trojan.Java.ClassLoader.v skipped C:\Program Files\Norton AntiVirus\Quarantine\73203422.class Infected: Trojan.Java.ClassLoader.v skipped C:\Program Files\Norton AntiVirus\Quarantine\3BA412CE.class Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\43AB3F35.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\4EA754D3.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\34B64E0B.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Program Files\Norton AntiVirus\Quarantine\06145256.class Infected: Trojan.Java.ClassLoader.v skipped C:\Program Files\Norton AntiVirus\Quarantine\06177C52.class Infected: Trojan.Java.ClassLoader.v skipped C:\Program Files\Norton AntiVirus\Quarantine\048E4A54.htm Infected: Trojan-Downloader.JS.IstBar.k skipped D:\WINDOWS\system32\config\system.LOG Object is locked skipped D:\WINDOWS\system32\config\software.LOG Object is locked skipped D:\WINDOWS\system32\config\default.LOG Object is locked skipped D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped 
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped D:\WINDOWS\system32\config\SECURITY Object is locked skipped D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped D:\WINDOWS\system32\config\SYSTEM Object is locked skipped D:\WINDOWS\system32\config\DEFAULT Object is locked skipped D:\WINDOWS\system32\config\SAM Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped D:\WINDOWS\system32\h323log.txt Object is locked skipped D:\WINDOWS\Temp\ZLT06d1e.TMP Object is locked skipped D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped D:\WINDOWS\Sti_Trace.log Object is locked skipped D:\WINDOWS\wiaservc.log Object is locked skipped D:\WINDOWS\wiadebug.log Object is locked skipped D:\WINDOWS\SchedLgU.Txt Object is locked skipped D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped D:\WINDOWS\SoftwareDistribution\EventCache\{A7735457-24AE-46A2-A21F-CEF090824478}.bin Object is locked skipped D:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped D:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped D:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log 
Object is locked skipped D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped D:\Documents and Settings\user\NTUSER.DAT.LOG Object is locked skipped D:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped D:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007021020070211\index.dat Object is locked skipped D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\user\Cookies\index.dat Object is locked skipped D:\Documents and Settings\user\NTUSER.DAT Object is locked skipped D:\!KillBox\ACM.dll 
Infected: not-a-virus:AdTool.Win32.WhenU.g skipped D:\!KillBox\NDNuninstall6_98.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped Scan process completed. |