HJT Log Help - IANAG Forums

View Full Version : HJT Log Help

hiwass

04-17-2007, 01:41 PM

My Yahoo search link sometimes got redirected to different websites. I have Symantec AV which detected/quarantined the spyverify trojan. Ran Spybot & Ad-Aware and critical objects were removed but i'm still getting the page redirection. This doesn't happen on all Yahoo search result links just some and they're random. Any help on this problem is greatly appreciated. Here's the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 1:27:30 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\lotus\organize\easyclip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted IP range: http://10.0.0.20
O16 - DPF: {A433CB0A-9BA9-11D3-82DD-00105A932EC7} (IC.Startup.OCX) - http://10.0.0.20/IC/ICStartupOCX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxx.local
O17 - HKLM\Software\..\Telephony: DomainName = xxx.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxx.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

jholland1964

04-17-2007, 04:20 PM

couple of questions;
Did YOU personally add this to your trusted ip range?
O15 - Trusted IP range: http://10.0.0.20

Are these three entries exactly as shown in the log or did you personally change the portions I have bolded?

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxx.local
O17 - HKLM\Software\..\Telephony: DomainName = xxx.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxx.local

hiwass

04-18-2007, 08:14 AM

I added the Trust IP range and i edited out the domain name and replaced them with xxx.
Thanks

jholland1964

04-18-2007, 09:23 AM

If we can't see everything in the log, we cannot supply answers

hiwass

04-18-2007, 09:34 AM

it's stroudnb.local.
thanks

jholland1964

04-18-2007, 09:56 AM

Ok, you need to run all the steps here (http://forum.networktechs.com/showthread.php?t=49), exactly as given and then post back with the AVG Anti-spy log and a NEW HJT log.

hiwass

04-19-2007, 05:03 PM

I followed the steps and here are the logs. it's still redirecting me to some sites after i followed a Yahoo link (not all the times). If i do a search for cats in yahoo, and clicked on the second link (catsinfo.com), it briefly redirect me to http://6711-1610.partners.findology.com then http://www.catcaremadeeasy.com/register.php. thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 4:47:08 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\program files\HijackThis\hjtscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupa
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A433CB0A-9BA9-11D3-82DD-00105A932EC7} (IC.Startup.OCX) - http://10.0.0.20/IC/ICStartupOCX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stroudnb.local
O17 - HKLM\Software\..\Telephony: DomainName = stroudnb.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stroudnb.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:02:31 PM 4/19/2007

+ Scan result:

C:\WINDOWS\CSC\d1\80000BD0 -> TrackingCookie.247realmedia : Cleaned.
C:\WINDOWS\CSC\d2\80000BD1 -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\CSC\d2\80000BE1 -> TrackingCookie.Addynamix : Cleaned.
C:\WINDOWS\CSC\d6\80000D25 -> TrackingCookie.Adjuggler : Cleaned.
C:\WINDOWS\CSC\d4\80000D53 -> TrackingCookie.Adobe : Cleaned.
C:\WINDOWS\CSC\d5\80000DFC -> TrackingCookie.Adserver : Cleaned.
C:\WINDOWS\CSC\d1\80000BE8 -> TrackingCookie.Advertising : Cleaned.
C:\WINDOWS\CSC\d3\80000D02 -> TrackingCookie.Advertising : Cleaned.
C:\WINDOWS\CSC\d1\80000BF0 -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\CSC\d8\80000BFF -> TrackingCookie.Bfast : Cleaned.
C:\WINDOWS\CSC\d2\80000C01 -> TrackingCookie.Bluestreak : Cleaned.
C:\WINDOWS\CSC\d5\80000CDC -> TrackingCookie.Bridgetrack : Cleaned.
C:\WINDOWS\CSC\d6\80000D65 -> TrackingCookie.Burstbeacon : Cleaned.
C:\WINDOWS\CSC\d6\80000C05 -> TrackingCookie.Burstnet : Cleaned.
C:\WINDOWS\CSC\d7\80000D66 -> TrackingCookie.Burstnet : Cleaned.
C:\WINDOWS\CSC\d4\80000C0B -> TrackingCookie.Casalemedia : Cleaned.
C:\WINDOWS\CSC\d5\80000C0C -> TrackingCookie.Centrport : Cleaned.
C:\WINDOWS\CSC\d1\80000C18 -> TrackingCookie.Clickagents : Cleaned.
C:\WINDOWS\CSC\d2\80000C19 -> TrackingCookie.Clickbank : Cleaned.
C:\WINDOWS\CSC\d6\80000C1D -> TrackingCookie.Com : Cleaned.
C:\WINDOWS\CSC\d4\80000C2B -> TrackingCookie.Coremetrics : Cleaned.
C:\WINDOWS\CSC\d4\80000D23 -> TrackingCookie.Coremetrics : Cleaned.
C:\WINDOWS\CSC\d4\80000D33 -> TrackingCookie.Coremetrics : Cleaned.
C:\WINDOWS\CSC\d8\80000C2F -> TrackingCookie.Dealtime : Cleaned.
C:\WINDOWS\CSC\d8\80000D17 -> TrackingCookie.Dealtime : Cleaned.
C:\WINDOWS\CSC\d1\80000C38 -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\CSC\d8\80000C07 -> TrackingCookie.Enhance : Cleaned.
C:\WINDOWS\CSC\d2\80000C39 -> TrackingCookie.Esomniture : Cleaned.
C:\WINDOWS\CSC\d6\80000BED -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\CSC\d4\80000C5B -> TrackingCookie.Fastclick : Cleaned.
C:\WINDOWS\CSC\d3\80000C62 -> TrackingCookie.Findwhat : Cleaned.
C:\WINDOWS\CSC\d1\80000C48 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d1\80000C78 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d2\80000C41 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d2\80000C49 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d3\80000C42 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d3\80000C4A -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d4\80000C43 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d4\80000C4B -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d5\80000C44 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d5\80000C4C -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d6\80000C45 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d6\80000C4D -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d6\80000CCD -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d7\80000C46 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d7\80000C4E -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d8\80000C47 -> TrackingCookie.Hitbox : Cleaned.
C:\WINDOWS\CSC\d2\80000C21 -> TrackingCookie.Hitslink : Cleaned.
C:\WINDOWS\CSC\d3\80000C22 -> TrackingCookie.Hitslink : Cleaned.
C:\WINDOWS\CSC\d8\80000CFF -> TrackingCookie.Information : Cleaned.
C:\WINDOWS\CSC\d4\80000D03 -> TrackingCookie.Liveperson : Cleaned.
C:\WINDOWS\CSC\d7\80000CF6 -> TrackingCookie.Liveperson : Cleaned.
C:\WINDOWS\CSC\d2\80000CA9 -> TrackingCookie.Mediaplex : Cleaned.
C:\WINDOWS\CSC\d6\80000CFD -> TrackingCookie.Msn : Cleaned.
C:\WINDOWS\CSC\d7\80000BFE -> TrackingCookie.Msn : Cleaned.
C:\WINDOWS\CSC\d4\80000D13 -> TrackingCookie.Netflame : Cleaned.
C:\WINDOWS\CSC\d5\80000CCC -> TrackingCookie.Overture : Cleaned.
C:\WINDOWS\CSC\d6\80000CC5 -> TrackingCookie.Overture : Cleaned.
C:\WINDOWS\CSC\d3\80000DC2 -> TrackingCookie.Paypal : Cleaned.
C:\WINDOWS\CSC\d6\80000BE5 -> TrackingCookie.Pointroll : Cleaned.
C:\WINDOWS\CSC\d8\80000CD7 -> TrackingCookie.Qksrv : Cleaned.
C:\WINDOWS\CSC\d3\80000CDA -> TrackingCookie.Questionmarket : Cleaned.
C:\WINDOWS\CSC\d1\80000CE0 -> TrackingCookie.Real : Cleaned.
C:\WINDOWS\CSC\d2\80000DC9 -> TrackingCookie.Real : Cleaned.
C:\WINDOWS\CSC\d7\80000CDE -> TrackingCookie.Realmedia : Cleaned.
C:\WINDOWS\CSC\d4\80000D43 -> TrackingCookie.Realtracker : Cleaned.
C:\WINDOWS\CSC\d7\80000CE6 -> TrackingCookie.Revenue : Cleaned.
C:\WINDOWS\CSC\d8\80000CE7 -> TrackingCookie.Revsci : Cleaned.
C:\WINDOWS\CSC\d5\80000C3C -> TrackingCookie.Ru4 : Cleaned.
C:\WINDOWS\CSC\d8\80000BDF -> TrackingCookie.Specificclick : Cleaned.
C:\WINDOWS\CSC\d6\80000D15 -> TrackingCookie.Starware : Cleaned.
C:\WINDOWS\CSC\d1\80000D18 -> TrackingCookie.Statcounter : Cleaned.
C:\WINDOWS\CSC\d1\80000D20 -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\CSC\d7\80000D2E -> TrackingCookie.Trafficmp : Cleaned.
C:\WINDOWS\CSC\d1\80000D30 -> TrackingCookie.Tribalfusion : Cleaned.
C:\WINDOWS\CSC\d5\80000D3C -> TrackingCookie.Valueclick : Cleaned.
C:\WINDOWS\CSC\d5\80000D04 -> TrackingCookie.Web-stat : Cleaned.
C:\WINDOWS\CSC\d7\80000D46 -> TrackingCookie.Web-stat : Cleaned.
C:\WINDOWS\CSC\d8\80000DE7 -> TrackingCookie.Web-stat : Cleaned.
C:\WINDOWS\CSC\d3\80000D1A -> TrackingCookie.Webtrendslive : Cleaned.
C:\WINDOWS\CSC\d6\80000BDD -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\CSC\d1\80000C08 -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\CSC\d7\80000DFE -> TrackingCookie.Zedo : Cleaned.

::Report end

KASPERSKY ONLINE SCANNER REPORT
Thursday, April 19, 2007 3:28:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/04/2007
Kaspersky Anti-Virus database records: 282187

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 62478
Number of viruses found 3
Number of infected objects 12 / 0
Number of suspicious objects 0
Duration of the scan process 00:48:24

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\287157db91391b8060dfb4f7d78102b8_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46fdad81341f6db9493b1626414467ba_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4923c1b89bb7a0cae8833aaac470f002_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d119c2f2657e8ca867de8b984476113c_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea6cf424f576bdbf56fa81921df84c1b_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7e245caae1e64b28f16eb1fcbee8074_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04192007-135630.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/Counter.class Infected: Trojan.Java.ClassLoader.i skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN ZIP: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN/Counter.class Infected: Trojan.Java.ClassLoader.i skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN ZIP: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\athompson\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\athompson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\athompson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\athompson\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F72B79AE-0739-4682-90EE-60C115FE3E91} Object is locked skipped

C:\Documents and Settings\athompson\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\athompson\Local Settings\History\History.IE5\MSHist012007041720070418\index.dat Object is locked skipped

C:\Documents and Settings\athompson\Local Settings\History\History.IE5\MSHist012007041920070420\index.dat Object is locked skipped

C:\Documents and Settings\athompson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\athompson\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\athompson\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\DigitalPersona\Bin\finder.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0466NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0532NAV~.TMP Object is locked skipped

C:\RECYCLER\S-1-5-21-2344142679-2509354544-4052363174-1112\Dc29.exe/stream Infected: Trojan.Win32.DNSChanger.iv skipped

C:\RECYCLER\S-1-5-21-2344142679-2509354544-4052363174-1112\Dc29.exe NSIS: infected - 1 skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\CSC\00000002 Object is locked skipped

C:\WINDOWS\CSC\00000003 Object is locked skipped

C:\WINDOWS\CSC\d2\00000011 Object is locked skipped

C:\WINDOWS\CSC\d2\00000031 Object is locked skipped

C:\WINDOWS\CSC\d2\00000221 Object is locked skipped

C:\WINDOWS\CSC\d3\0000002A Object is locked skipped

C:\WINDOWS\CSC\d6\00000025 Object is locked skipped

C:\WINDOWS\CSC\d7\00000446 Object is locked skipped

C:\WINDOWS\CSC\d8\00000017 Object is locked skipped

C:\WINDOWS\CSC\d8\00000027 Object is locked skipped

C:\WINDOWS\CSC\d8\00000227 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\DigitalPersonaProEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_1ac.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

hiwass

04-19-2007, 05:18 PM

Also, if i hover the mouse over the search result it would show the link as http://www.catsinfo.com/ on a normal computer. on this messed up computer the shortcut point to http://rds.yahoo.com/_ylt=A0geu8n36SdG_XMBax9XNyoA;_ylu=X3oDMTE3NWQyOW1uBGNvbG8DZQRsA1dTMQRwb3MDMgRzZWMDc3IEdnRpZANGODYyXzEyMQ--/SIG=11cmb1665/EXP=1177107319/**http%3a//www.catsinfo.com/
thanks

jholland1964

04-19-2007, 06:10 PM

Empty your Norton Quarantine and run Kaspersky again and post the log.

hiwass

04-23-2007, 02:09 PM

Here's the Kaspersky scan after the Quarantine folder was purged.
thanks

KASPERSKY ONLINE SCANNER REPORT
Monday, April 23, 2007 2:06:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/04/2007
Kaspersky Anti-Virus database records: 283637
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 61318
Number of viruses found 2
Number of infected objects 5 / 0
Number of suspicious objects 0
Duration of the scan process 00:50:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\administrator.STROUDNB\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{78711C85-2EC1-4935-BB59-C0FA53060890} Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\Local Settings\History\History.IE5\MSHist012007041620070423\index.dat Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\Local Settings\History\History.IE5\MSHist012007042320070424\index.dat Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\administrator.STROUDNB\UserData\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\287157db91391b8060dfb4f7d78102b8_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46fdad81341f6db9493b1626414467ba_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4923c1b89bb7a0cae8833aaac470f002_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55488bba44083b6ea75c393eeadfbb1d_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\805512dc721f8b4f4dd30730ac883ed9_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea6cf424f576bdbf56fa81921df84c1b_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7e245caae1e64b28f16eb1fcbee8074_c1000447-bc9a-47f4-8df7-085538d23173 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04192007-135630.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\athompson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\athompson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\athompson\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\athompson\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\DigitalPersona\Bin\finder.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0095NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0451NAV~.TMP Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\CSC\00000002 Object is locked skipped
C:\WINDOWS\CSC\00000003 Object is locked skipped
C:\WINDOWS\CSC\d2\00000011 Object is locked skipped
C:\WINDOWS\CSC\d2\00000021 Object is locked skipped
C:\WINDOWS\CSC\d3\00000012 Object is locked skipped
C:\WINDOWS\CSC\d3\00000022 Object is locked skipped
C:\WINDOWS\CSC\d4\00000013 Object is locked skipped
C:\WINDOWS\CSC\d5\0000001C Object is locked skipped
C:\WINDOWS\CSC\d6\00000015 Object is locked skipped
C:\WINDOWS\CSC\d6\00000025 Object is locked skipped
C:\WINDOWS\CSC\d7\000005BE Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\DigitalPersonaProEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1d8.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

jholland1964

04-23-2007, 02:47 PM

The quarantine folder was not emptied. These items still show in the folder;
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN CryptZ: infected - 3 skipped
Please go back into the Quarantine folder and empty out ALL. Then reboot and run a new Kaspersky scan.

Warning: include(/home/iamnotag/www/google_ad_square.htm) [function.include]: failed to open stream: No such file or directory in [path]/archive/topic.php on line 375

Warning: include() [function.include]: Failed opening '/home/iamnotag/www/google_ad_square.htm' for inclusion (include_path='.:/usr/local/lib/php') in [path]/archive/topic.php on line 375