View Full Version : Embedded ads, NSIS, security padlock disappearing, errors on webpages
Hi
On random webpages an ad for Amazon appears to embed itself on the top of the page sometimes even overlapping the text and graphics on the page. Also when going to secure sites the padlock will briefly appear then disappear. There will also be an error message in the bottom left corner of the browser (IE7). Spybot picked up NSIS Media Extensions, which were removed when Spybot ran in Safe Mode. An issue that keeps occuring when running spybot is that it keeps listing a windows security disable problem. Any help appreciated. Thanks!
Here is the HJT log. The Kapersky log doesnt fit on this same posting. I will post as the next entry if this is ok:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:01 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\KService\KService.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johnnydrakos.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148417387109
O16 - DPF: {7ED09FF6-D76F-48FB-B056-A092324E3A0E} (FrontdoorHSBC Profile Manager Class) - https://client.ebank.hsbc.com.au/hsbc/frontdoorHSBC.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11920 bytes
Hi
And here is the kapersky results, Part 1:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 04, 2007 10:54:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/11/2007
Kaspersky Anti-Virus database records: 451311
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 81237
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:17:20
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173296841jtun_ncodat70307006-70307007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173322950jtun_ncodat70307007-70308001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173365060jtun_70307033.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173377479jtun_ncodat70308003-70308005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173420370jtun_ncodat70308005-70309002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173456989jtun_ncodat70309004-70309005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173473327jtun_70309035.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173539170jtun_ncodat70310005-70310006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173642725jtun_ncodat70310006-70311001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173674168jtun_ncodat70311001-70312002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173719198jtun_ncodat70312002-70312008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173736859jtun_enfwc318.319.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173747486jtun_allcc0303.x00.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173819369jtun_70313023.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173852074jtun_ncodat70313005-70314002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173888242jtun_nav2k7en70313018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174068987jtun_nav2k7en70315018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174075282jtun_70316037.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174134069jtun_ncodat70317003-70317005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174161673jtun_ncodat70317007-70317008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174222568jtun_ncodat70318003-70318005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174245551jtun_nav2k7en70317017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174284670jtun_ncodat70318008-70319002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174325195jtun_ncodat70319002-70319007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174334068jtun_70319024.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174492746jtun_nav2k7en70320018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174600419jtun_70320035.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174660892jtun_ncodat70323002-70323006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174682618jtun_70322038.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174760620jtun_nav2k7en70323033.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174842678jtun_ncodat70325001-70325002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174881376jtun_ncodat70325002-70326001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1175353111jtun_nav2k7en70330018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1175446968jtun_nav2k7en70331004.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1175483617jtun_ncodat70331003-70401002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176097217jtun_ncodat70406005-70409001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176144290jtun_70406024.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176158321jtun_enfwc322.323.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176224744jtun_coh32.rar.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176307084jtun_nav2k7en70410022.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176404384jtun_pif1_2.x00.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176434091jtun_ncodat70411003-70412002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176486857jtun_nav2k7en70412048.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176545476jtun_ncodat70414001-70414002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176570264jtun_nav2k7en70413032.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176657308jtun_nav2k7en70414006.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176748578jtun_ncodat70415004-70416002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176999325jtun_nav2k7en70418024.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177005451jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_nav2k7en70419017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177193176jtun_nav2k7en70420017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177368447jtun_enfwc324.325.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177447761jtun_cohdata.rar.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177466781jtun_ncodat70423002-70425002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177526787jtun_nav2k7en70424020.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177560380jtun_ncodat70425002-70426002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177606866jtun_nav2k7en70425033.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177686977jtun_ncodat70427001-70427004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177706230jtun_70426035.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177754478jtun_ncodat70428001-70428002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177779394jtun_nav2k7en70427033.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177862248jtun_nav2k7en70428017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177915883jtun_ncodat70430004-70430005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177958383jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177975994jtun_enfwc325.326.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178035718jtun_nav2k7en70430018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178123051jtun_nav2k7en70501017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178134339jtun_70430025.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178203583jtun_ncodat70503004-70503007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178250385jtun_ncodat70503007-70504002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178296034jtun_ncodat70504002-70504005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178345489jtun_ncodat70504005-70504006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178423485jtun_ncodat70505001-70506001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178468640jtun_nav2k7en70505017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178662036jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178768784jtun_ncodat70509009-70510004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178821122jtun_nav2k7en70509019.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178898143jtun_ncodat70511003-70511005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178908506jtun_70510034.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178984436jtun_nav2k7en70511019.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179043885jtun_ncodat70513001-70513006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179061887jtun_ncodat70513007-70513008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179158170jtun_nav2k7en70513004.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179179778jtun_enfwc328.329.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179334891jtun_ncodat70516004-70516007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179686380jtun_nav2k7en70516017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179764494jtun_nav2k7en70520017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179789953jtun_enfwc329.330.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179853881jtun_ncodat70522003-70522007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179854937jtun_ecfw0509.x00.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179902596jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179943290jtun_ncodat70523003-70523006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179974184jtun_ncodat70523006-70524003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180041146jtun_nav2k7en70523018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180068337jtun_ncodat04md25.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180114145jtun_nav2k7en70524035.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180117590jtun_ncodat70525007-70525008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180201165jtun_nav2k7en70525032.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180258289jtun_ncodat70527004-70527005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180280899jtun_nav2k7en70526023.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180337186jtun_ncodat70527008-70528005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180356687jtun_ncodat70528006-70528007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180377691jtun_ncodat70528007-70528010.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180499838jtun_enfwc330.331.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180549540jtun_nav2k7en70529034.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180584095jtun_ncodat70530005-70531001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180632992jtun_ncodat70531003-70531005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180659690jtun_ncodat70531005-70531006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180726681jtun_70531039.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180850869jtun_ncodat70531006-70602003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180887927jtun_nav2k7en70602004.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180925559jtun_ncodat70603003-70603004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180996569jtun_enfwc331.332.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181410110jtun_nav2k7en70604017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181491247jtun_nav2k7en70609007.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181577560jtun_nav2k7en70610006.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181681321jtun_nav2k7en70611022.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181764924jtun_nav2k7en70612009.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181770610jtun_70609020.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181800948jtun_ncodat70613004-70614001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181855015jtun_70613041.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181867374jtun_ncodat70614001-70614006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1182204809jtun_enfwc334.335.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1184801760jtun_nisenidcurd25.x86 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1184862286jtun_nav2k7en70718019.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1184905314jtun_ncodat70719002-70719004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1184982397jtun_ncodat70719004-70720005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185038913jtun_ncodat70720005-70721002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185122392jtun_nav2k7en70721005.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185160356jtun_ncodat70722002-70723001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185212430jtun_ncodat70723001-70723004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185251309jtun_ncodat70723004-70724002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185298186jtun_ncodat70724002-70724004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185389711jtun_nav2k7en70724016.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185481590jtun_enpc0720.x05.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185724886jtun_nav2k7en70728005.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185764788jtun_ncodat70729003-70730001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186081241jtun_ncodat70801005-70802003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186096842jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186169803jtun_ncodat70803005-70803008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186180111jtun_nav2k7en70802020.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186265199jtun_ncodat70803008-70804002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186360746jtun_nav2k7en70804020.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186415322jtun_nav2k7en70805035.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186434518jtun_ncodat70806002-70806004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186508584jtun_nav2k7en70806009.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186514208jtun_ncodat70806004-70807002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186590880jtun_nav2k7en70807018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186622919jtun_ncodat70808004-70809001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186697960jtun_the_syknapps_engine.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186898443jtun_ncodat70811003-70812003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186929873jtun_ncodat70812005-70812007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186945114jtun_ncodat70812007-70812009.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187023839jtun_ncodat70813001-70813008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187070641jtun_ncodat70813010-70814003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187118020jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187547628jtun_nav2k7en70818007.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187631035jtun_ncodat70820001-70820004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187662115jtun_ncodat70820004-70821001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187716245jtun_ncodat70821001-70821003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187722847jtun_ncodat70821003-70821004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187737982jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187800244jtun_ncodat70822002-70822004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187839118jtun_ncodat70822004-70823001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187895581jtun_nav2k7en70822009.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1187982862jtun_nav2k7en70823021.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188056734jtun_nav2k7en70824023.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188193240jtun_ncodat70825002-70827002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188235466jtun_ncodat70827006-70827007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188251028jtun_the_syknapps_engine.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188315158jtun_ncodat70828002-70828007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188339014jtun_70824034.skn.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188348040jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188404420jtun_nav2k7en70828017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188489639jtun_ncodat70830002-70830007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188656317jtun_ncodat70901003-70901005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188687648jtun_ncodat70901005-70901009.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188750029jtun_nav2k7en70901006.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188792163jtun_ncodat70902003-70903002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188836296jtun_nav2k7en70902006.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188885639jtun_ncodat70903009-70904003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188921299jtun_nav2k7en70903017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1188932921jtun_ncodat70904007-70904008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189003842jtun_ncodat70905003-70905004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189024720jtun_nav2k7en70904008.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189095574jtun_nav2k7en70905023.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189133440jtun_nisenid06md25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189179788jtun_nav2k7en70906009.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189267185jtun_ncodat70908003-70908005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189319919jtun_ncodat70908006-70909002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189350760jtun_ncodat70909004-70909006.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189383464jtun_tortoise.x00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189483481jtun_ncodat70910002-70911002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189528810jtun_nav2k7en70910022.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189576154jtun_ncodat70911007-70912002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189662524jtun_ncodat70912008-70913002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189709469jtun_ncodat70913002-70913008.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189733564jtun_ncodat70913008-70914001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1189785938jtun_nav2k7en70913017.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190053228jtun_nav2k7en70914008.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190147743jtun_the_scd.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190151613jtun_ecfw0906.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190227946jtun_coh32.rar Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190262384jtun_nav2k7en70918007.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190305592jtun_enap0918.x00.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190315687jtun_cohdata.rar Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190390572jtun_ncodat70920007-70921002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190415149jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190511555jtun_nav2k7en70921019.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190648324jtun_ncodat70922003-70924003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190675450jtun_the_scd.zip.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190743128jtun_ncodat70924007-70925005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190782013jtun_ncodat70925005-70926002.x01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190830172jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190870811jtun_ncodat70926004-70927002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190911851jtun_ncodat70927002-70927007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190957327jtun_ncodat70927007-70928002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1190997527jtun_ncodat70928002-70928007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191051168jtun_ncodat70928009-70929003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191083542jtun_nav2k7en70928016.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191167206jtun_ncodat70930001-70930002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191258715jtun_nav2k7en70930018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191283665jtun_hare.x01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191343126jtun_ncodat71002001-71002002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191380937jtun_ncodat71002002-71003001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191633319jtun_ncodat71005005-71005007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191688662jtun_nav2k7en71005009.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191776824jtun_nav2k7en71006007.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191862873jtun_nav2k7en71007006.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191908356jtun_ncodat71008002-71009002.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191952755jtun_ncodat71009002-71009004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1191976156jtun_ncodat71009004-71009007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192039163jtun_ncodat71010003-71010004.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192070955jtun_ncodat71010004-71011001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192127009jtun_nav2k7en71010023.m25 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192160952jtun_ncodat71011006-71012001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192225316jtun_nav2k7en71011021.m25 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192290916jtun_ncodat71013002-71013003.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192332554jtun_ncodat71013003-71014001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192392917jtun_ncodat71014003-71014005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192424116jtun_ncodat71014005-71015002.x01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192637712jtun_nav2k7en71016009.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192743788jtun_nav2k7en71017018.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192810490jtun_nav2k7en71018034.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192857389jtun_nisenidcurd25.x86.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192934328jtun_ncodat71020003-71021001.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1192981897jtun_nav2k7en71020006.m25.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1193068826jtun_ncodat71022003-71022005.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1193084571jtun_ncodat71022005-71022007.x01.full.zip Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A114C40.tmp Infected: Email-Worm.Win32.Luder.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3EAE407B.tmp Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\F410ED11.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\~DF1352.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\~DF156C.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\~DFA29A.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\KService\data\error.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\wss.dll Infected: not-a-virus:AdWare.Win32.BHO.cs skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{95C8BA23-7DEC-40CD-A7C2-1ABB11423E47}\RP387\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7DAD18CB-D13D-4E65-A11D-AD4498AD10D7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\1160418373.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\WINDOWS\system32\1160418373.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\system32\1160418373.exe/stream Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\system32\1160418373.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\avirpa.dll Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\schuu52e.dll Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\~fdger.tmp Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
pskelley
2007-11-15, 14:19
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Thanks for posting the correct information, not a lot showing, let's clean what is and see what happens.
1) See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0\ <<< out of date, download the newest version of Java and uninstall all old versions in Add Remove programs.
2) TeaTimer will block changes we must make, use these instruction to turn it off until we are done.
http://russelltexas.com/malware/teatimer.htm
3) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
4) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
6) RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\Program Files\wss.dll <<< delete that file if there
(I am guessing on what to delete, it should be what I highlite in red. May be one or more?)
C:\WINDOWS\system32\1160418373.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\WINDOWS\system32\1160418373.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\system32\1160418373.exe/stream Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\WINDOWS\system32\1160418373.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\avirpa.dll <<< delete that file
C:\WINDOWS\system32\schuu52e.dll <<< delete that file
C:\WINDOWS\system32\~fdger.tmp <<< delete that file
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\ <<< delete the contents of that quarantine folder
7) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer, post a new HJT log and tell me how the computer is running now.
Thanks
Hi pskelley
many thanks for your assistance and fixes. here is my latest hjt log after going through the steps you have suggested. i think everything is ok now. as far as i'm aware anyway. let me know if you think anything else might still be astray.
regards
molton
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:58 PM, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\KService\KService.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Privacy Control\ccEmFlSv.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johnnydrakos.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148417387109
O16 - DPF: {7ED09FF6-D76F-48FB-B056-A092324E3A0E} (FrontdoorHSBC Profile Manager Class) - https://client.ebank.hsbc.com.au/hsbc/frontdoorHSBC.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11980 bytes
pskelley
2007-11-16, 00:02
Thanks for returning your information, your HJT log looks clean:bigthumb: Run another Kaspersky scan, use the same program you used the last time, but use these settings.
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.
Then post it here. <<< I do not need to see the scan if it is clean like this:
Total number of scanned objects: 81237
Number of viruses found: O
Number of infected objects: O
Number of suspicious objects: 0
Just let me know how the computer is running now.
Thanks
i think it's the norton quarantine which i cant seem to delete. unless its something else??
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 15, 2007 11:23:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/11/2007
Kaspersky Anti-Virus database records: 431358
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 75400
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:11:44
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A114C40.tmp Infected: Email-Worm.Win32.Luder.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\D74544F4.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\hsperfdata_John\2776 Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\JETD259.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\JETEC88.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\My Documents\Finance & Shares\Money Files\John's Portfolio.lrd Object is locked skipped
C:\Documents and Settings\John\My Documents\Finance & Shares\Money Files\John's Portfolio.mny Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\John\My Documents\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\KService\data\error.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{95C8BA23-7DEC-40CD-A7C2-1ABB11423E47}\RP394\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BF5A82E4-7AFB-40A5-B467-AA373AD0A754}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
pskelley
2007-11-16, 01:58
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A114C40.tmp Infected: Email-Worm.Win32.Luder.a skipped
That's it, it can not harm you now that it is quarantined but you really should know how to clean your anti-virus quarantine folder. I have this information:
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506
remember to enable hidden files, knowing Symantec, they just might have it hidden?
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
If you can not clean it with that information, contact Symantec Tech Support for instructions.
http://www.symantec.com/support/index.jsp
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
Hi
Thanks very much for your assistance. Very much appreciated. :bigthumb:
I have contacted Symantec to assist with the removal of the quarantine files. The quarantine folder is empty within the actual program, however these files are still appearing and the system doesn't allow me to delete them.
Hopefully I won't need to contact you again :)
molton
pskelley
2007-11-17, 14:10
You can see where the pathway says it should be. If you have all files and folders enabled, then try asking search companion to search for 2A114C40.tmp Might take a while, lots of files to search through. I am interested in why it is not where it should be, so let me know what you find.
Thanks...Phil
Hi
I can see the files now in the quarantine folder directory. (They dont actually appear in the quarantine section in norton program). When i press delete on these it gives me a warning that i can't delete because it gives me a warning to say access denied and file may be in use.
I think perhaps I need to totally turn off norton's in order to delete these files?? Have tried disabling the program however still can't delete. I will see what Symantec responds to me with.
cheers
pskelley
2007-11-17, 17:17
You can boot to safe mode when the junk will not be running and delete it there:
http://spyware-free.us/tutorials/safemode/
Or use the delete on reboot tool in HJT:
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Let me know how it goes. Can you tell me if it's one file or more. I am especially interested since Kaspersky shows only the one.
If you wait on Symantec, don't hold your breath:sad:
Thanks
I will try the safemode and the hjt technique if it doesn't work now and let you know.
In the meantime, yes there is a couple of files in this quarantine directory. There is the 2A114C40.tmp one and there is a 3EAE407B.tmp and there is also a subfolder within the quarantine folder with a file in it called 00000001.RMA. As you say, Kapersky is only picking up the one.
cheers
Hi
I was able to delete all the files under the quarantine folder in safe mode.
Let me know if you want me to run anything further to look into why kapersky only picked up one of them
thanks
pskelley
2007-11-17, 17:43
No reason to run Kaspersky again, I would be asking Symantec about the though. My thoughts are if it in a .tbp folder it can be deleted if it is malware or not and if it is in a quarantine folder that means to me Symantec identified it as malware and could not delete it so it quarantined the files. Understand, I do not use their program and that is how it usually works. I sometimes feel sorry for folks who pay them.
I'll give you a few days and then close this topic.
Safe surfing...Phil:bigthumb: