
Virus That Will Not Go Away!


18 replies to this topic

#1 lizzylo

lizzylo

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 03 September 2007 - 11:28 AM

Hello everyone :)

I was infected yesterday with a whole packet of about 7 different virus/bugs from something I downloaded and did not scan...like a fool. I have CA security center (the virus and spyware type) installed and right away it began to pick up and try to remove the bugs. I have spent the last day trying to clean the computer and get rid of this stuff....with no luck at all. It's like NOTHING is helping. I'll run a scan, trash the stuff, and it will come right back <_< also, I can't seem to find the files they say are infected or anything...it's been a long night.

Every time I run my spyware scanner "Nebuler S" pops up EVERY time, alone or with more carp** that it has downloaded for me. I'm also getting pop up warnings about "Win32/Kastem.AG" as well as something called "win32/vundo!generic"

I read on one forum that AVG could at least get rid of the Nebuler problem, so I did a full scan with that (it took like 3 hours). It found some little things, but did not fix the issue.
I also did some reading and finally found one bug in the registry listed as "winjgf32" and thought if I got rid of it my problem would finally be gone. Nope.

These things are causing pop ups, random things being downloaded on my desktop, and my internet explorer crashes or sometimes gives a pop up with the error " the instruction at "0x02883346" referenced memory at "0x00000000" the memory could not be read." Firefox seems to be just fine though.

I hope someone can be so kind as to help me...I would appreciate it so much. I work from my computer full time so this could really mess with important stuff :( Thank you again.

Here is my log file.....



Logfile of HijackThis v1.99.1
Scan saved at 1:23:46 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
C:\WINDOWS\regedit.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\TEMP\win8A.tmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
C:\Documents and Settings\Liz\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {34062413-1ABA-8EA5-618A-024C27617594} - C:\Program Files\Jbdhpigo\wgauzast.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [pwhwlgxm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll"
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win8A.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtax.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187212866046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

I'm sorry to do another post this soon, but some other things started going wrong and I can't seem to edit my post. Since the first post it seems to have gotten much worse. Now when I scan I am getting a Trojan called "Newmedia Codec" every time with the other "Nebuler S"

I am also getting these internet explorer popups/error pop ups ...even though I have no explorer open at the time. When I read more it said the error was in a file located at C:\WINDOWS\TEMP\9da5_appcompat.txt but I can't locate it in the area it's listed. I am getting some sort of explorer error every 3-4 min at least that pops up.

My computer use is also jumping all over the place now, it goes from 38%...hangs out at 100%.....drops down for a sec, and then goes right back. The computer is only a few months old and it never did this till I got those infections :(

thanks and sorry about the double post~ this stuff just started to happen and get worse.



#2 amateur

amateur

    Authentic Member

  • Malware Team
  • 168 posts

Posted 03 September 2007 - 05:34 PM

Hello and welcome to the forum. :)

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Download SmitfraudFix (by S!Ri).
Extract all the content to a folder named SmitfraudFix on your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer;
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter";
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

Then restart the computer normally. Post the contents of the SmitfraudFix log located at C:\rapport.txt into this thread, along with a new HijackThis log.
Amateur
ASAP

#3 lizzylo

lizzylo

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 03 September 2007 - 11:41 PM

Thanks so much for your time :) . I did what you said, never saw anything pop up about wininet.dll though. After restart, got a pop up about infection win32/Vundogeneric right away, as well as an internet explorer error popup.

Ok, here is the info...


SmitFraudFix v2.219

Scan done at 1:23:00.64, Tue 09/04/2007
Run from C:\Documents and Settings\Liz\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\mgrs.exe Deleted
C:\DOCUME~1\Liz\STARTM~1\Programs\Startup\.protected Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1F061506-C46F-4D46-B1F7-CC1351A38FD0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F061506-C46F-4D46-B1F7-CC1351A38FD0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1F061506-C46F-4D46-B1F7-CC1351A38FD0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




Logfile of HijackThis v1.99.1
Scan saved at 1:37:32 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\TEMP\winF9.tmp.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\Liz\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {34062413-1ABA-8EA5-618A-024C27617594} - C:\Program Files\Jbdhpigo\wgauzast.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [pwhwlgxm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winF9.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxaf.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187212866046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
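
Added example (not part of the original posts): a Python script that compares the autostart entries of the two HijackThis logs posted above, from before and after the SmitfraudFix run, and reports which entries were removed, which stayed, and which kept their name but now point at a different file. The embedded lines are excerpts copied from those two logs; the function names and the key format are assumptions of this example, not HijackThis features.

```python
import re

# O4 registry autostart:  O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# O20 Winlogon notify:    O20 - Winlogon Notify: name - dll path
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
# Any other entry line:   <section code> - <text>
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")

# Excerpt of the first log in the thread (scan saved 9/3/2007).
BEFORE = r"""
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win8A.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtax.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll
"""

# Excerpt of the second log (scan saved 9/4/2007, after SmitfraudFix).
AFTER = r"""
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winF9.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxaf.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll
"""


def parse_hjt(log_text):
    """Map each entry to a stable key and the value it points at.

    Run-key and Winlogon Notify entries are keyed by their name so that a
    changed target shows up as a change, not as one removal plus one addition.
    Process-list and header lines do not match any pattern and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries[f"O4 {hive} {key} [{name}]"] = command
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries[f"O20 Notify {m.group(1)}"] = m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[f"{m.group(1)} {m.group(2)}"] = ""
    return entries


def diff_hjt(before_text, after_text):
    """Compare two logs and classify every entry."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    common = [k for k in before if k in after]
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": {k: (before[k], after[k]) for k in common if before[k] != after[k]},
        "unchanged": sorted(k for k in common if before[k] == after[k]),
    }


if __name__ == "__main__":
    result = diff_hjt(BEFORE, AFTER)
    for key in result["removed"]:
        print("removed  ", key)
    for key, (old, new) in result["changed"].items():
        print("changed  ", key, ":", old, "->", new)
    for key in result["unchanged"]:
        print("unchanged", key)
```

On these excerpts the `[avp]` and `[CTDrive]` Run values keep their names but reference a different file in the second log, which is the kind of difference a line-by-line reading of two long logs easily misses.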

#4 amateur

amateur

    Authentic Member

  • Malware Team
  • 168 posts

Posted 04 September 2007 - 06:33 AM

Hi,

Well, you had multiple infections: one down, more to go.

1. Download this file

* IMPORTANT !!! Place combofix.exe on your Desktop


2. Go to Posted Image > Run > paste in the following single line command in bold and click OK

"%userprofile%\desktop\combofix.exe" /killall

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Amateur
ASAP

#5 lizzylo

lizzylo

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 04 September 2007 - 07:05 AM

good morning :) Ok, did what you said~ here is what I have


ComboFix 07-09-04.4 - "Liz" 2007-09-04 8:40:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2446 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\.protected
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\Ultimate Defender\Ultimate Defender Uninstall.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\Ultimate Defender\Ultimate Defender.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Ultimate Defender
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe.bak
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\winjgf32.dll


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-04 08:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-04 04:56 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\PlayFirst
2007-09-04 04:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-09-04 04:36 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-04 03:20 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-04 01:34 94,208 --a------ C:\WINDOWS\system32\drvxaf.dll
2007-09-04 01:34 15,360 --a------ C:\WINDOWS\system32\drvxafr.dll
2007-09-04 01:23 2,732 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-04 01:22 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-04 01:22 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-04 01:22 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-04 00:58 94,208 --a------ C:\WINDOWS\system32\drvhor.dll
2007-09-04 00:58 15,360 --a------ C:\WINDOWS\system32\drvhorr.dll
2007-09-04 00:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-03 12:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\WinRAR
2007-09-03 12:25 69,492 --a------ C:\Program Files\setup.exe
2007-09-03 12:22 93,184 --a------ C:\WINDOWS\system32\drvtax.dll
2007-09-03 12:22 15,360 --a------ C:\WINDOWS\system32\drvtaxr.dll
2007-09-03 12:13 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-03 08:07 93,184 --a------ C:\WINDOWS\system32\drvleb.dll
2007-09-03 08:07 15,360 --a------ C:\WINDOWS\system32\drvlebr.dll
2007-09-03 07:31 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-09-03 07:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-03 07:19 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-03 06:40 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\Yahoo!
2007-09-03 06:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-03 05:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-09-03 05:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-09-03 05:30 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-09-03 05:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-03 05:00 93,184 --a------ C:\WINDOWS\system32\drvcak.dll
2007-09-03 05:00 15,360 --a------ C:\WINDOWS\system32\drvcakr.dll
2007-09-03 05:00 102,400 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\pwhwlgxm.dll
2007-09-03 05:00 <DIR> d-------- C:\Program Files\zmvcdgno
2007-09-03 05:00 <DIR> d-------- C:\Program Files\Jbdhpigo
2007-08-26 01:12 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-08-26 01:12 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-26 01:12 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-08-26 01:12 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-08-26 01:12 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-08-26 01:12 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-26 01:12 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-26 01:12 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-08-26 01:12 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-08-26 01:12 <DIR> d-------- C:\Program Files\AVSMedia
2007-08-22 00:48 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-08-19 06:06 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-19 06:05 <DIR> d-------- C:\Program Files\ReadWrite Korean
2007-08-16 09:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-15 17:29 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-08-15 17:27 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-15 03:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-05 22:06 <DIR> d-------- C:\Program Files\Real Alternative
2007-08-05 22:06 <DIR> d-------- C:\Program Files\Media Player Classic
2007-08-05 22:06 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\Real
2007-08-05 22:06 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\Media Player Classic
2007-08-05 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-04 08:46 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\WTablet
2007-09-04 08:46 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Skype
2007-09-04 04:56 --------- d-------- C:\Program Files\LimeWire
2007-09-04 04:29 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\LimeWire
2007-08-26 01:06 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\DivX
2007-08-24 00:52 --------- d-------- C:\Program Files\mIRC
2007-08-22 00:48 --------- d-------- C:\Program Files\CA
2007-08-22 00:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-08-15 05:31 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
2007-08-06 22:08 --------- d-------- C:\Program Files\DivX
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 19:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-26 19:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-26 19:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 19:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-26 19:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 19:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-26 19:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 19:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 19:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 19:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 19:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 19:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 19:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 19:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 19:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 19:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 19:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 19:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-25 03:40 --------- d-------- C:\Program Files\QuickTime
2007-07-25 03:40 --------- d-------- C:\Program Files\iTunes
2007-07-25 03:40 --------- d-------- C:\Program Files\iPod
2007-07-25 03:40 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Apple Computer
2007-07-25 03:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-25 03:39 --------- d-------- C:\Program Files\Apple Software Update
2007-07-25 03:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-23 23:55 --------- d-------- C:\Program Files\TrueSwitch
2007-07-23 07:24 879832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-23 07:24 108360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-22 17:14 --------- d-------- C:\Program Files\XemiComputers
2007-07-22 17:14 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\XemiComputers
2007-07-22 17:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\XemiComputers
2007-07-22 17:10 --------- d-------- C:\Program Files\Software by Design
2007-07-18 02:39 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Opera
2007-07-16 16:03 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Google
2007-07-16 16:02 --------- d-------- C:\Program Files\Google
2007-07-16 02:10 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\BitTorrent
2007-07-16 02:09 --------- d-------- C:\Program Files\BitTorrent
2007-07-10 17:01 --------- d-------- C:\Program Files\EPSON
2007-07-10 15:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2003-06-20 03:05 49776 --a------ C:\WINDOWS\inf\usbhub20.sys
2003-06-20 03:05 24752 --a------ C:\WINDOWS\inf\hidclass.sys
2003-06-20 03:05 20688 --a------ C:\WINDOWS\inf\usbd.sys
2003-06-20 03:05 19728 --a------ C:\WINDOWS\inf\usbehci.sys
2003-06-20 03:05 138288 --a------ C:\WINDOWS\inf\usbport.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34062413-1ABA-8EA5-618A-024C27617594}]
2007-09-03 05:00 102400 --a------ C:\Program Files\Jbdhpigo\wgauzast.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-09-03 02:09]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-16 09:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"erelcnoh"="C:\Program Files\zmvcdgno\hmpajarw.dll" [2007-09-03 05:00]
"pwhwlgxm"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-03 07:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 13:14]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-05-10 11:24]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 19:11]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2007-05-23 17:22:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-03 07:31 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Liz^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Liz\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\DNINDIS5.SYS
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys


Contents of the 'Scheduled Tasks' folder
"2007-08-31 18:21:46 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Liz at 9 48 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 08:45:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 8:59:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-04 08:58

--- E O F ---






Logfile of HijackThis v1.99.1
Scan saved at 9:02:41 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Liz\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {34062413-1ABA-8EA5-618A-024C27617594} - C:\Program Files\Jbdhpigo\wgauzast.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [pwhwlgxm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187212866046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

#6 amateur

  • Malware Team

Posted 04 September 2007 - 10:20 AM

Hi,

You seem to have picked up more malware. You have LimeWire and BitTorrent (which is loading at startup) installed. I would like to warn you that the nature of P2P filesharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware.

Even if the program you use is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I strongly recommend that you remove it from your system via Add/Remove Programs in Control Panel.

========================================

You have two antivirus applications running at the same time, i.e. AVG and CA Internet Security Suite. That's not a good practice. Multiple antivirus programs can bog down your system, interfere with each other, and may even cause crashes. I highly recommend you remove all but one of them using the Add/Remove Programs in the Control Panel.

===========================================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drvxaf.dll
C:\WINDOWS\system32\drvxafr.dll
C:\WINDOWS\system32\drvhor.dll
C:\WINDOWS\system32\drvhorr.dll
C:\WINDOWS\system32\drvtax.dll
C:\WINDOWS\system32\drvtaxr.dll
C:\Program Files\setup.exe
C:\WINDOWS\system32\drvleb.dll
C:\WINDOWS\system32\drvlebr.dll
C:\WINDOWS\system32\drvcak.dll
C:\WINDOWS\system32\drvcakr.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\pwhwlgxm.dll

Folder::
C:\Program Files\zmvcdgno
C:\Program Files\Jbdhpigo
C:\Program Files\LimeWire
C:\DOCUME~1\Liz\APPLIC~1\LimeWire
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent
C:\Program Files\BitTorrent

Driver::
erelcnoh
pwhwlgxm

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34062413-1ABA-8EA5-618A-024C27617594}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"erelcnoh"=-
"pwhwlgxm"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Amateur
ASAP

#7 lizzylo


Posted 04 September 2007 - 01:06 PM

Hi again :) Ok here is the new info~ Thanks yet again!!



ComboFix 07-09-04.4 - "Liz" 2007-09-04 12:35:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2497 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Liz\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\drvxaf.dll
C:\WINDOWS\system32\drvxafr.dll
C:\WINDOWS\system32\drvhor.dll
C:\WINDOWS\system32\drvhorr.dll
C:\WINDOWS\system32\drvtax.dll
C:\WINDOWS\system32\drvtaxr.dll
C:\Program Files\setup.exe
C:\WINDOWS\system32\drvleb.dll
C:\WINDOWS\system32\drvlebr.dll
C:\WINDOWS\system32\drvcak.dll
C:\WINDOWS\system32\drvcakr.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\pwhwlgxm.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\pwhwlgxm.dll
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\bittorrent.log
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\23643dd7ac6a915ff05f4ad20fd462dca4e5dde3
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\2f8f6e4d3b378cae8d1cd239f0caaa907ad41af4
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\50dd8881d513772005ab51b9f9f6f9b222bfec68
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\623398f284f3be9f9939314629698b26eca4ec87
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\632f6f4c648e68c01a2c679c4add34e408af5753
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\6f955a5b63a6c13dcda1bee7615a5742d61e4b15
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\78006ad7f6bb50664ee3adb729ed4a2b9f0c48f8
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\metainfo\8395810d6529f17d23e4f26a263c1f8796eec5b9
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\routing_table
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\ui_config
C:\DOCUME~1\Liz\APPLIC~1\BitTorrent\data\ui_state
C:\DOCUME~1\Liz\APPLIC~1\LimeWire
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\412splashfree.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\createtimes.cache
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\data.ser
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\fileurns.bak
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\fileurns.cache
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\filters.props
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\gnutella.net
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\installation.props
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\library.dat
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\limewire.props
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\pub1.key
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\public.key
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\questions.props
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\responses.cache
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\secureMessage.key
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\simpp.xml
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\spam.dat
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\tables.props
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme.lwtp
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme1_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme2_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme3_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme4_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme5_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\chat.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\dir_closed.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\dir_open.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\forward_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\forward_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\kill.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\kill_on.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\lime.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\logo.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\notsearching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\pause_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\pause_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\play_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\play_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\question.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\rewind_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\rewind_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\searching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\splash.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\splashpro.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\stop_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\stop_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\theme.txt
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\black_theme\warning.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme.lwtp
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme1_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme2_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme3_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme4_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme5_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\chat.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\dir_closed.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\dir_open.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\forward_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\forward_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\kill.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\logo.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\notsearching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\pause_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\pause_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\play_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\play_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\question.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\rewind_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\rewind_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\search.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\searching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\splash.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\splashpro.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\stop_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\stop_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\theme.txt
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\classic_theme\warning.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme.lwtp
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme1_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme2_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme3_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme4_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme5_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\chat.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\dir_closed.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\dir_open.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\forward_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\forward_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\kill.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\kill_on.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\lime.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\logo.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\notsearching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\pause_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\pause_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\play_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\play_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\question.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\rewind_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\rewind_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\searching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\splash.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\splashpro.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\stop_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\stop_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\theme.txt
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\limewire_theme\warning.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme.lwtp
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme1_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme2_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme3_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme4_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme5_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\chat.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\forward_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\forward_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\kill.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\kill_on.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\logo.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\notsearching.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\pause_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\pause_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\play_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\play_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\question.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\rewind_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\rewind_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\searching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\splash.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\splashpro.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\stop_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\stop_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\theme.txt
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\other_theme\warning.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme.lwtp
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme1_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme2_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme3_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme4_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme5_star.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\chat.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\forward_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\forward_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\kill.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\kill_on.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\logo.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\notsearching.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\pause_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\pause_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\play_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\play_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\question.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\rewind_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\rewind_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\searching.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\splash.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\splashpro.png
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\stop_dn.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\stop_up.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\theme.txt
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\themes\windows_theme\warning.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\ttree.cache
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\update.xml
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\version.key
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\version.xml
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\data\application.sxml
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\data\audio.sxml
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\data\delete_me
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\data\video.sxml
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\misc\application.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\misc\audio.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\misc\document.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\misc\image.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\misc\video.gif
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\schemas\application.xsd
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\schemas\audio.xsd
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\schemas\document.xsd
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\schemas\image.xsd
C:\DOCUME~1\Liz\APPLIC~1\LimeWire\xml\schemas\video.xsd
C:\Program Files\BitTorrent
C:\Program Files\BitTorrent\addrmap.dat
C:\Program Files\BitTorrent\plugin.inf
C:\Program Files\Jbdhpigo
C:\Program Files\Jbdhpigo\wgauzast.dll
C:\Program Files\LimeWire
C:\Program Files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.11.7z
C:\Program Files\LimeWire\.NetworkShare\LimeWireWin4.12.11.exe
C:\Program Files\LimeWire\clink.jar
C:\Program Files\LimeWire\commons-httpclient.jar
C:\Program Files\LimeWire\commons-logging.jar
C:\Program Files\LimeWire\commons-net.jar
C:\Program Files\LimeWire\COPYING
C:\Program Files\LimeWire\daap.jar
C:\Program Files\LimeWire\data.ser
C:\Program Files\LimeWire\donotremove.htm
C:\Program Files\LimeWire\GenericWindowsUtils.dll
C:\Program Files\LimeWire\hashes
C:\Program Files\LimeWire\hs_err_pid5208.log
C:\Program Files\LimeWire\hs_err_pid6128.log
C:\Program Files\LimeWire\i18n.jar
C:\Program Files\LimeWire\icu4j.jar
C:\Program Files\LimeWire\id3v2.jar
C:\Program Files\LimeWire\install.log
C:\Program Files\LimeWire\jcraft.jar
C:\Program Files\LimeWire\jl011.jar
C:\Program Files\LimeWire\jmdns.jar
C:\Program Files\LimeWire\language.prop
C:\Program Files\LimeWire\LimeWire On Startup.lnk
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.ico
C:\Program Files\LimeWire\LimeWire.jar
C:\Program Files\LimeWire\LimeWire20.dll
C:\Program Files\LimeWire\log4j.jar
C:\Program Files\LimeWire\log4j.properties
C:\Program Files\LimeWire\looks.jar
C:\Program Files\LimeWire\MessagesBundle.properties
C:\Program Files\LimeWire\MessagesBundles.jar
C:\Program Files\LimeWire\mp3sp14.jar
C:\Program Files\LimeWire\pmf.ico
C:\Program Files\LimeWire\ProgressTabs.jar
C:\Program Files\LimeWire\root\magnet10\badge.img
C:\Program Files\LimeWire\root\magnet10\canHandle.img
C:\Program Files\LimeWire\root\magnet10\limewire.gif
C:\Program Files\LimeWire\root\magnet10\options.js
C:\Program Files\LimeWire\root\magnet10\silentdetect.js
C:\Program Files\LimeWire\SOURCE
C:\Program Files\LimeWire\spacer.gif
C:\Program Files\LimeWire\themes.jar
C:\Program Files\LimeWire\tritonus.jar
C:\Program Files\LimeWire\uninstall.exe
C:\Program Files\LimeWire\unpack.log
C:\Program Files\LimeWire\update.ver
C:\Program Files\LimeWire\vorbis.jar
C:\Program Files\LimeWire\WindowsFirewall.dll
C:\Program Files\LimeWire\WindowsV5PlusUtils.dll
C:\Program Files\LimeWire\xerces.jar
C:\Program Files\LimeWire\xml-apis.jar
C:\Program Files\LimeWire\xml.war
C:\Program Files\setup.exe
C:\Program Files\zmvcdgno
C:\Program Files\zmvcdgno\hmpajarw.dll
C:\WINDOWS\system32\drvcak.dll
C:\WINDOWS\system32\drvcakr.dll
C:\WINDOWS\system32\drvhor.dll
C:\WINDOWS\system32\drvhorr.dll
C:\WINDOWS\system32\drvleb.dll
C:\WINDOWS\system32\drvlebr.dll
C:\WINDOWS\system32\drvtax.dll
C:\WINDOWS\system32\drvtaxr.dll
C:\WINDOWS\system32\drvxaf.dll
C:\WINDOWS\system32\drvxafr.dll


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-04 08:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-04 04:56 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\PlayFirst
2007-09-04 04:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-09-04 04:36 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-04 03:20 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-04 01:23 2,732 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-04 01:22 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-04 01:22 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-04 01:22 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-04 00:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-03 12:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\WinRAR
2007-09-03 12:13 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-03 07:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-03 07:19 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-03 06:40 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\Yahoo!
2007-09-03 06:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-03 05:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-09-03 05:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-09-03 05:30 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-09-03 05:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-26 01:12 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-08-26 01:12 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-26 01:12 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-08-26 01:12 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-08-26 01:12 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-08-26 01:12 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-26 01:12 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-26 01:12 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-08-26 01:12 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-08-26 01:12 <DIR> d-------- C:\Program Files\AVSMedia
2007-08-22 00:48 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-08-19 06:06 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-19 06:05 <DIR> d-------- C:\Program Files\ReadWrite Korean
2007-08-16 09:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-15 17:29 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-08-15 17:27 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-15 03:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-05 22:06 <DIR> d-------- C:\Program Files\Real Alternative
2007-08-05 22:06 <DIR> d-------- C:\Program Files\Media Player Classic
2007-08-05 22:06 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\Real
2007-08-05 22:06 <DIR> d-------- C:\DOCUME~1\Liz\APPLIC~1\Media Player Classic
2007-08-05 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-04 14:23 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\WTablet
2007-09-04 14:23 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Skype
2007-08-26 01:06 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\DivX
2007-08-24 00:52 --------- d-------- C:\Program Files\mIRC
2007-08-22 00:48 --------- d-------- C:\Program Files\CA
2007-08-22 00:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-08-15 05:31 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
2007-08-06 22:08 --------- d-------- C:\Program Files\DivX
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 19:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-26 19:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-26 19:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 19:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-26 19:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 19:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-26 19:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 19:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 19:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 19:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 19:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 19:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 19:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 19:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 19:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 19:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 19:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 19:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-25 03:40 --------- d-------- C:\Program Files\QuickTime
2007-07-25 03:40 --------- d-------- C:\Program Files\iTunes
2007-07-25 03:40 --------- d-------- C:\Program Files\iPod
2007-07-25 03:40 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Apple Computer
2007-07-25 03:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-25 03:39 --------- d-------- C:\Program Files\Apple Software Update
2007-07-25 03:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-23 23:55 --------- d-------- C:\Program Files\TrueSwitch
2007-07-23 07:24 879832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-23 07:24 108360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-22 17:14 --------- d-------- C:\Program Files\XemiComputers
2007-07-22 17:14 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\XemiComputers
2007-07-22 17:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\XemiComputers
2007-07-22 17:10 --------- d-------- C:\Program Files\Software by Design
2007-07-18 02:39 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Opera
2007-07-16 16:03 --------- d-------- C:\DOCUME~1\Liz\APPLIC~1\Google
2007-07-16 16:02 --------- d-------- C:\Program Files\Google
2007-07-10 17:01 --------- d-------- C:\Program Files\EPSON
2007-07-10 15:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2003-06-20 03:05 49776 --a------ C:\WINDOWS\inf\usbhub20.sys
2003-06-20 03:05 24752 --a------ C:\WINDOWS\inf\hidclass.sys
2003-06-20 03:05 20688 --a------ C:\WINDOWS\inf\usbd.sys
2003-06-20 03:05 19728 --a------ C:\WINDOWS\inf\usbehci.sys
2003-06-20 03:05 138288 --a------ C:\WINDOWS\inf\usbport.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-09-03 02:09]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-16 09:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"erelcnoh"="C:\Program Files\zmvcdgno\hmpajarw.dll" []
"pwhwlgxm"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 13:14]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-05-10 11:24]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2007-05-23 17:22:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Liz^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Liz\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\DNINDIS5.SYS
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys


Contents of the 'Scheduled Tasks' folder
"2007-08-31 18:21:46 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Liz at 9 48 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 14:22:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 14:36:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-04 14:36
C:\ComboFix2.txt ... 2007-09-04 08:59

--- E O F ---




Logfile of HijackThis v1.99.1
Scan saved at 3:03:18 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Liz\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [pwhwlgxm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187212866046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

#8 amateur

Posted 04 September 2007 - 01:49 PM

Hi,


Scan with HijackThis again and put a checkmark against the following entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [pwhwlgxm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll"


Close all browsers, including this one, and click on "fix checked".

=============================

Restart your computer

=============================

Go to Start>Control Panel>Add/Remove Programs and, if Kaspersky Online Scanner is present, remove it prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next, click on Launch Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
          • Standard
      • Scan Options:
          • Scan Archives
          • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
      • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop in txt format.
Copy and paste that information from Kaspersky in your next post.

=============================

Please post a fresh HijackThis log along with the Kaspersky report. Also let me know how the computer is running now.
Amateur
ASAP
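The three entries marked for fixing in post #8 share traits that can be checked mechanically: a BHO registered against no file, and Run values that hand a DLL outside the Windows directory to rundll32 or regsvr32. The Python script below is an added example, not part of the thread and not the helper's or HijackThis's own method; it applies those two checks to lines copied from the logs posted here, then confirms the flagged lines are absent from the later log. The heuristics, the hard-coded `C:\WINDOWS` prefix and all function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the 9/4/2007 HijackThis log posted in this thread.
LOG_SEP_4 = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [erelcnoh] rundll32.exe "C:\Program Files\zmvcdgno\hmpajarw.dll",Init
O4 - HKLM\..\Run: [pwhwlgxm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwhwlgxm.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# The same sections as they appear in the 9/10/2007 log.
LOG_SEP_10 = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2" or "O4"
    name: str      # CLSID for a BHO, value name for a Run entry
    reason: str
    line: str      # the full log line, used to compare logs later


ENTRY = re.compile(r'^(?P<section>[A-Z]\d+) - (?P<body>.+)$')
BHO = re.compile(r'^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$')
RUN = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
LAUNCHER = re.compile(r'^\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')
DLL_PATH = re.compile(r'[A-Za-z]:\\[^",]+?\.dll', re.IGNORECASE)

# Windows binaries that exist to load or register someone else's DLL.
DLL_HOSTS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}
WINDOWS_DIR = "c:\\windows\\"  # assumption: default install location


def check_run_command(cmd: str) -> Optional[str]:
    """Return a reason string if a Run command loads a DLL from outside WINDOWS_DIR."""
    m = LAUNCHER.match(cmd)
    if m is None:
        return None
    launcher = (m.group("quoted") or m.group("bare")).rsplit("\\", 1)[-1].lower()
    if launcher not in DLL_HOSTS:
        return None
    dll = DLL_PATH.search(cmd)
    if dll is None or dll.group(0).lower().startswith(WINDOWS_DIR):
        return None  # e.g. NvCpl.dll in system32 is left alone
    return f"{launcher} loads a DLL from outside the Windows directory: {dll.group(0)}"


def triage(log_text: str) -> List[Finding]:
    """Flag orphaned BHOs (O2) and DLL-host autoruns (O4) in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry is None:
            continue
        section, body = entry.group("section"), entry.group("body")
        if section == "O2":
            bho = BHO.match(body)
            if bho and bho.group("target") == "(no file)":
                findings.append(Finding(section, bho.group("clsid"),
                                        "BHO is registered but points at no file", line))
        elif section == "O4":
            run = RUN.match(body)
            reason = check_run_command(run.group("cmd")) if run else None
            if reason:
                findings.append(Finding(section, run.group("name"), reason, line))
    return findings


def still_present(findings: List[Finding], later_log: str) -> List[Finding]:
    """Return the findings whose exact log line also appears in a later log."""
    later_lines = {l.strip() for l in later_log.splitlines()}
    return [f for f in findings if f.line in later_lines]


if __name__ == "__main__":
    flagged = triage(LOG_SEP_4)
    for f in flagged:
        print(f"{f.section} {f.name}: {f.reason}")
    print("still present on 9/10:", [f.name for f in still_present(flagged, LOG_SEP_10)])
```

A clean comparison only shows that the autostart entries are gone from the log; the DLLs themselves can still be on disk, which is why the post goes on to request a full scan.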

#9 lizzylo

Posted 10 September 2007 - 07:52 AM

Sorry it took so long for me to reply,

I did the scan, but I can't seem to find where I need to click to save the report :blink:
Posted Image

#10 amateur

Posted 10 September 2007 - 08:03 AM

Hi, It says "error on page" at the bottom left corner. So, something must have gone wrong. Please post a fresh HijackThis log.
Amateur
ASAP

#11 lizzylo

Posted 10 September 2007 - 08:19 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:16:06 AM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
c:\program files\aim6\anotify.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Liz\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Liz\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Liz\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187212866046
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

#12 amateur

amateur

    Authentic Member

  • Malware Team
  • 168 posts

Posted 10 September 2007 - 08:25 AM

Hi,

Let's try this scanner and see if you can save the report on this one.

Perform an online scan using Internet Explorer with Panda ActiveScan:
  • Click on Posted Image located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop-up blocker doesn't block it.
  • Enter your e-mail address, country, and state, and click "Free Online Scan". The download of Panda's 8 MB ActiveX control will take place.
  • Begin the scan by selecting Posted Image
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on Posted Image, then click Posted Image, and post back the contents please.

Amateur
ASAP

#13 lizzylo

lizzylo

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 12 September 2007 - 01:40 PM

Hello :) I just ran the new scan, but two times it crashed and closed about an hour into the scan! I tried to run the first Kaspersky one final time, and it worked~ so I have the text from that software right now...

KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 12, 2007 3:34:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 12/09/2007
Kaspersky Anti-Virus database records: 387417

Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects: 361596
Number of viruses found: 21
Number of infected objects: 175
Number of suspicious objects: 2
Duration of the scan process: 02:30:20
Files\Norton Internet Security\Norton AntiVirus\Quarantine\763624FC.exe Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\763624FC.sys Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\763624FC_exe_1.exe Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\763624FC_sys_1.sys Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76394EF9.exe Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76394EF9.sys Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76394EF9_exe_1.exe Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76394EF9_sys_1.sys Infected: Trojan.Win32.Kolweb.a skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79EC271D.exe Infected: Trojan-Downloader.Win32.Small.go skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79EC271D_exe_1.exe Infected: Trojan-Downloader.Win32.Small.go skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 
1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CE713E4.htm Suspicious: Exploit.HTML.Mht skipped C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CE713E4_htm_1.htm Suspicious: Exploit.HTML.Mht skipped C:\Documents and Settings\Liz\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\AOL OCP\AIM\Storage\data\angelic19th\localStorage\common.cls Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Identities\{1C0E0758-E3D9-4A96-96ED-5980B208AB19}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Identities\{1C0E0758-E3D9-4A96-96ED-5980B208AB19}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Identities\{1C0E0758-E3D9-4A96-96ED-5980B208AB19}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Identities\{1C0E0758-E3D9-4A96-96ED-5980B208AB19}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Messenger\pink_yamato@yahoo.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Messenger\pink_yamato@yahoo.com\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Messenger\pink_yamato@yahoo.com\SharingMetadata\Working\database_C6F0_9F30_F09F_2629\dfsr.db Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application 
Data\Microsoft\Messenger\pink_yamato@yahoo.com\SharingMetadata\Working\database_C6F0_9F30_F09F_2629\fsr.log Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Messenger\pink_yamato@yahoo.com\SharingMetadata\Working\database_C6F0_9F30_F09F_2629\fsrtmp.log Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Messenger\pink_yamato@yahoo.com\SharingMetadata\Working\database_C6F0_9F30_F09F_2629\tmp.edb Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Windows Live Contacts\pink_yamato@yahoo.com\real\members.stg Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Windows Live Contacts\pink_yamato@yahoo.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\urbju8w8.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\urbju8w8.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\urbju8w8.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\urbju8w8.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Liz\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Liz\Local Settings\History\History.IE5\MSHist012007091220070913\index.dat Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\fla14E7.tmp Object is locked skipped C:\Documents and 
Settings\Liz\Local Settings\Temp\~DF1DB.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DF518D.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DF629E.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DF786A.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DF78A3.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DF93E.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DFA0A7.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DFA0D1.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temp\~DFA0E1.tmp Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Liz\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Liz\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 
Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\CA\SharedComponents\PPRT\logs\2007-09-10.csv Object is locked skipped C:\qoobox\Quarantine\C\Program Files\setup.exe.vir/data0007 Infected: Trojan-Downloader.Win32.Zlob.chd skipped C:\qoobox\Quarantine\C\Program Files\setup.exe.vir NSIS: infected - 1 skipped C:\qoobox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\qoobox\Quarantine\C\WINDOWS\system32\drvhor.dll.vir Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\system32\drvxaf.dll.vir Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\system32\winjgf32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP121\A0008929.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP121\A0008941.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP121\A0008996.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP121\A0009078.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.bxx skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP121\A0009078.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP122\A0009102.dll Infected: Trojan.Win32.Dialer.qn skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP122\A0009103.exe 
Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP122\A0009111.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP122\A0009112.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP122\A0009113.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP122\A0009114.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP122\A0009115.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP125\A0009435.dll Object is locked skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP125\A0009437.dll Object is locked skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP125\A0009441.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.chd skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP125\A0009441.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{3C2A2416-5396-450A-9B8A-FCBD1C252F85}\RP132\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{A3EEC59B-F4A8-4BB7-8941-11047AC3D968}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped 
C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

#14 amateur

  • Malware Team
Posted 12 September 2007 - 02:36 PM

Hi,

The items reported by Kaspersky are mostly in the Norton Quarantine folder. Looks like the quarantine folder got recovered while recovering NTFS Partition 1. Since you don't have Norton installed anymore, you can go ahead and delete the subfolder "Norton Internet Security" inside the "recovered" folder on your desktop:

C:\Documents and Settings\Liz\Desktop\recovered\Recovered NTFS Partition 1\Program Files\Norton Internet Security

Also delete HijackThis and Combofix from your desktop, and the following folder:

C:\qoobox

============================

We have a little bit more to do. But before we do that, how is the system running now?

Edited by amateur, 12 September 2007 - 02:41 PM.

Amateur
ASAP

#15 lizzylo

Posted 12 September 2007 - 03:01 PM

OK, got rid of the things you asked :) It's running OK right now. I still get a lot of little spyware bugs when I scan every day, but I'm guessing it's because I still have a downloader virus on my system. Was having some low memory issues though, like I would be working and could not copy and paste without closing a window first. I remember having that issue on my last computer, and a friend told me it was a bug as well... blah. Aside from the memory issue and scan results, it's running a lot better than it was a week ago! :D So I am super happy you have helped fix me even this far.
