"C:\window\Sembako-chzjlng.exe" message


  • This topic is locked
9 replies to this topic

#1 foxychick577

foxychick577

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:13 AM

Posted 27 January 2009 - 01:18 PM

Hello, I need some help.

My PC is running on XP Pro SP3.

I've been getting a message after startup: "Windows cannot find 'C:\windows\sembako-chzjlng.exe'. Make sure you typed the name correctly and then try again. To search the file, click start button and click search."

I understand now that others have had this problem before, as posted here. I've had a series of problems where I couldn't even find Run in the Start menu, the Folder Options under Tools were missing, so I couldn't access hidden files, couldn't get through with Regedit, :step4: so I searched online and got ways to fix all that, so I'm still frustrated but partially relieved right now. :) When I bought this used computer, I downloaded AVG free edition, and it got rid of a lot of infected files named Brontok, or something like that, so I thought my problems were over, but then this message! :step1:
I'd be very grateful if someone can help me with this problem.

Well, I followed the preparation guide and the Hijack log is as follows:



DDS (Ver_09-01-19.01) - NTFSx86
Run by Home at 11:30:43.76 on Tue 01/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe "c:\windows\sembako-chzjlng.exe"
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system\lsass.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BMUpdate] c:\windows\system32\BMUpdate.exe
uRun: [Google Update] "c:\documents and settings\home\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Tok-Cirrhatus]
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: download.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-27 11:03 <DIR> --d----- c:\program files\Trend Micro
2009-01-27 08:42 26,808 a------- c:\windows\system32\drivers\pxark.sys
2009-01-27 08:41 <DIR> --d----- c:\program files\PrevxCSI
2009-01-27 08:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-01-26 15:57 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-13 12:40 <DIR> --d----- c:\program files\Microsoft Small Business
2009-01-13 12:24 <DIR> --d----- c:\program files\MSXML 6.0
2009-01-13 12:18 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-01-12 14:00 13,030 a------- C:\PDOXUSRS.NET
2009-01-12 13:58 <DIR> --d----- c:\program files\Responsive Software
2009-01-10 17:56 <DIR> --d----- C:\Graboid
2009-01-07 18:02 <DIR> --d----- c:\docume~1\home\applic~1\PCF-VLC
2009-01-07 16:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Launcher
2009-01-07 16:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Graboid Inc
2009-01-07 16:13 <DIR> --d----- c:\docume~1\home\applic~1\MozillaControl
2009-01-07 16:07 <DIR> --d----- c:\program files\Mozilla ActiveX Control v1.7.12
2009-01-07 16:05 <DIR> --d----- c:\program files\VideoLAN
2009-01-07 16:05 <DIR> --d----- c:\program files\Graboid
2009-01-07 15:57 <DIR> --d----- c:\docume~1\home\applic~1\Participatory Culture Foundation
2009-01-07 15:54 <DIR> --d----- c:\program files\Participatory Culture Foundation
2009-01-02 17:46 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-02 17:46 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-02 17:45 <DIR> --d----- c:\program files\iPod
2009-01-02 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-02 17:45 <DIR> --d----- c:\program files\iTunes
2009-01-02 17:45 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-01-26 15:57 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-08-11 10:14 9 ---shr-- c:\program files\Desktop_.ini
2008-08-07 12:12 98,632 -------- c:\documents and settings\home\ONENOTEM.EXE.exe
2008-08-06 12:27 347,432 -------- c:\documents and settings\home\WINWORD.EXE.exe
2008-07-22 14:25 196,608 -------- c:\documents and settings\home\ereg32.exe.exe
2008-07-22 14:25 20,480 -------- c:\documents and settings\home\ColorWatcher.exe.exe
2008-07-18 12:41 465,200 -------- c:\documents and settings\home\POWERPNT.EXE.exe
2001-10-30 07:11 61,440 a------- c:\windows\inf\i386\onetUSD.dll
2001-09-10 09:00 139,264 a------- c:\windows\inf\i386\Rtscan.dll
2001-08-17 18:43 32,768 a------- c:\windows\inf\i386\Wiamicro.dll
2001-06-29 08:10 163,840 a------- c:\windows\inf\i386\viceo.dll
2008-03-05 14:31 10 ---shr-- c:\windows\system32\sistem.sys
2008-09-07 14:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 11:36:04.73 ===============

Thank you for your help! :thumbup2:

foxy


Edited by foxychick577, 27 January 2009 - 01:56 PM.
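
An added example (not part of the original thread, and not code from DDS or its author): a small Python triage that compares the Winlogon, Run and Policies lines of the DDS log posted above with stock Windows XP values, which surfaces the entries behind the startup error and the missing Folder Options and Regedit access the poster describes. The function names and category labels are made up for this example, and it assumes Windows is installed in c:\windows.

```python
import re

# Lines copied from the DDS log in the post above; the two Run lines that
# carry a command are included as benign contrast.
SAMPLE_DDS = r'''
uStart Page = hxxp://www.google.com/
mWinlogon: Shell=Explorer.exe "c:\windows\sembako-chzjlng.exe"
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system\lsass.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Tok-Cirrhatus]
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
'''

# Stock Windows XP values. Assumption: Windows is installed in c:\windows.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Policy values that lock the user out of a tool, and what each one does.
LOCKOUT_POLICIES = {
    "nofolderoptions": "removes Folder Options from Explorer's Tools menu",
    "disableregistrytools": "blocks Regedit",
}

# DDS prefixes each line with one letter for the registry hive; it is skipped.
WINLOGON_RE = re.compile(r"^\w?Winlogon:\s*(\w+)=(.*)$")
RUN_RE = re.compile(r"^\w?Run:\s*\[([^\]]*)\]\s*(.*)$")
POLICY_RE = re.compile(r"^\w?Policies-(\w+):\s*(\w+)\s*=\s*(\d+)")


def check_winlogon(name, data):
    """Compare a Winlogon Shell or Userinit value with the stock value."""
    name = name.lower()
    data = data.strip()
    if name == "shell":
        # Anything other than a bare Explorer.exe also runs at every logon.
        if data.lower() != DEFAULT_SHELL:
            return [("winlogon-shell", data)]
    elif name == "userinit":
        # Userinit is a comma-separated list; every entry is launched at logon.
        entries = [e.strip() for e in data.split(",") if e.strip()]
        return [("winlogon-userinit", e) for e in entries
                if e.lower() != DEFAULT_USERINIT]
    return []


def triage(log_text):
    """Return (category, detail) findings in the order the lines appear."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            findings.extend(check_winlogon(m.group(1), m.group(2)))
            continue
        m = RUN_RE.match(line)
        if m:
            # A Run value with a name but no command is a leftover or a
            # hidden target; either way it deserves a manual look.
            if not m.group(2).strip():
                findings.append(("run-no-command", m.group(1)))
            continue
        m = POLICY_RE.match(line)
        if m:
            effect = LOCKOUT_POLICIES.get(m.group(2).lower())
            if effect and int(m.group(3)) != 0:
                findings.append(("policy-lockout", f"{m.group(2)}: {effect}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:18} {detail}")
```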




#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:13 AM

Posted 08 February 2009 - 10:58 PM

Hello, foxychick577
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Your log appears modified. Please do not edit the logs before posting them.

We need to run a Scan with DDS
  • Please download DDS, and save it to your desktop, from one of the following mirrors:
  • Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  • Double click Posted Image on your desktop.
  • If prompted by any script blocking tools, please allow any actions taken by DDS.
  • Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 foxychick577


Posted 10 February 2009 - 10:12 AM

Hello Billy, thank you for your reply.

I followed your instructions and the information requested is as follows:




DDS (Ver_09-02-01.01) - NTFSx86
Run by Home at 11:05:37.32 on Mon 02/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe "c:\windows\sembako-chzjlng.exe"
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system\lsass.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\home\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BMUpdate] c:\windows\system32\BMUpdate.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
dRun: [Tok-Cirrhatus]
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: download.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-01-26 15:57 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2008-08-11 10:14 9 ---shr-- c:\program files\Desktop_.ini
2008-08-07 12:12 98,632 -------- c:\documents and settings\home\ONENOTEM.EXE.exe
2008-08-06 12:27 347,432 -------- c:\documents and settings\home\WINWORD.EXE.exe
2008-07-22 14:25 196,608 -------- c:\documents and settings\home\ereg32.exe.exe
2008-07-22 14:25 20,480 -------- c:\documents and settings\home\ColorWatcher.exe.exe
2008-07-18 12:41 465,200 -------- c:\documents and settings\home\POWERPNT.EXE.exe
2001-10-30 07:11 61,440 a------- c:\windows\inf\i386\onetUSD.dll
2001-09-10 09:00 139,264 a------- c:\windows\inf\i386\Rtscan.dll
2001-08-17 18:43 32,768 a------- c:\windows\inf\i386\Wiamicro.dll
2001-06-29 08:10 163,840 a------- c:\windows\inf\i386\viceo.dll
2008-03-05 14:31 10 ---shr-- c:\windows\system32\sistem.sys
2008-09-07 14:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 11:07:48.87 ===============







GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-10 10:57:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spaj.sys ZwCreateKey [0xF91400E0]
SSDT spaj.sys ZwEnumerateKey [0xF915ECA2]
SSDT spaj.sys ZwEnumerateValueKey [0xF915F030]
SSDT spaj.sys ZwOpenKey [0xF91400C0]
SSDT spaj.sys ZwQueryKey [0xF915F108]
SSDT spaj.sys ZwQueryValueKey [0xF915EF88]
SSDT spaj.sys ZwSetValueKey [0xF915F19A]

INT 0x62 ? 81B0FBF8
INT 0x82 ? 81B0FBF8

---- Kernel code sections - GMER 1.0.14 ----

? spaj.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 81B142D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9171C4C] spaj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9171CA0] spaj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9141040] spaj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F914113C] spaj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F91410BE] spaj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F91417FC] spaj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F91416D2] spaj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9151048] spaj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] FFAC42D8

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 81B0D1F8
Device \Driver\usbuhci \Device\USBPDO-0 FFAC31F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 81B101F8
Device \Driver\dmio \Device\DmControl\DmConfig 81B101F8
Device \Driver\dmio \Device\DmControl\DmPnP 81B101F8
Device \Driver\dmio \Device\DmControl\DmInfo 81B101F8
Device \Driver\usbuhci \Device\USBPDO-1 FFAC31F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 81B111F8
Device \Driver\Cdrom \Device\CdRom0 FFACC1F8
Device \Driver\Cdrom \Device\CdRom1 FFACC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2E320ABD-EC47-40D3-8B3E-17EA30E68D39} FF9CB1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export FF9CB1F8
Device \Driver\NetBT \Device\NetbiosSmb FF9CB1F8
Device \Driver\usbuhci \Device\USBFDO-0 FFAC31F8
Device \Driver\usbuhci \Device\USBFDO-1 FFAC31F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF9B11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF9B11F8
Device \Driver\Ftdisk \Device\FtControl 81B111F8
Device \FileSystem\Cdfs \Cdfs 81985380

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Intel\xae PRO/100 VE Desktop Connection 1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0xBA 0xB0 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Intel\xae PRO/100 VE Desktop Connection 1?
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0xBA 0xB0 0x0C ...

---- Files - GMER 1.0.14 ----

File C:\Program Files\Sage Software\Peachtree\Company\!_CON\Customer Sales by Item v9.rpt 42496 bytes
File C:\Program Files\Sage Software\Peachtree\Company\!_CON\INVCOST.DAT 8192 bytes
File C:\Program Files\Sage Software\Peachtree\Company\!_CON\RAISEHST.DAT 61440 bytes

---- EOF - GMER 1.0.14 ----


Edited by foxychick577, 10 February 2009 - 10:29 AM.


#4 Billy O'Neal


Posted 10 February 2009 - 06:06 PM

Hello, foxychick577
It's still missing a LARGE portion of the log (Specifically the ==== Processes ==== listing...)

Are you removing that or is the tool failing to produce it?

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click Posted Image on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :thumbup2:
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt


#5 foxychick577


Posted 12 February 2009 - 08:29 AM

Hi Billy,

I have not modified the log in any way. I followed the procedure and that's the result. I guess it's as you said, "the tool is failing to produce it".

Well, I've tried running ComboFix after download, and here are my problems:

A message comes up named "16 bit MS-DOS Subsystem".

In it, it says "C:\Windows\System32\rundll32.exe, The NTVDM CPU has encountered an illegal instruction. CS:0561 IP:6dbc OP:ff 61 05 2f choose 'close' to terminate the application".

This message comes up with command prompt as a separate entity.

So I then clicked "close" and then tried running it again, to which I had to rename ComboFix to GlobRemover.exe. Everything went smoothly until the scans. I waited six hours for the scans to finish, but I eventually thought something was wrong, because it was taking too long, so I closed the command prompt window that was doing the scans.

Afterwards, I went to Windows Media Player and I get the same message about the 16 bit MS-DOS Subsystem. I did nothing different than what you told me. Any Windows programme, I get the same thing. :thumbup2:

Do you think it's a virus or something of that sort?

Thanks,

Foxychick

#6 Billy O'Neal


Posted 12 February 2009 - 08:16 PM

Hello, foxychick577

Not honestly sure what it is yet....

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
We need to run a system scan with Dr. Web CureIt
  • Please download DrWeb-CureIt & save it to your desktop.
    DO NOT perform a scan yet.
  • Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Do not select "Safe Mode with Networking" or "Safe Mode with Command Prompt".
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Complete Scan"
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
In your next reply, please include the following:
  • Dr.Web's Log


#7 foxychick577


Posted 16 February 2009 - 08:55 AM

Hello Billy, the Dr Web Log is as follows:



psexec.cfexe;C:\32788R22FWJFW;Program.PsExec.171;Incurable.Moved.;
GlobRemover.exe.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Home\Desktop\GlobRemover.exe.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Home\Desktop;Archive contains infected objects;;
GlobRemover.exe.exe;C:\Documents and Settings\Home\Desktop;Container contains infected objects;Moved.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\Welcome Tool;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\Groove\ToolIcons;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\Groove\XML Files;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\Groove\XML Files\Space Templates;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\INFFORMS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\INFFORMS\1033;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\Library;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\MEDIA;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\OneNote;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\OutlookAutoDiscover;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\PAGESIZE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\PUBBA;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\PUBWIZ;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\QUERIES;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\SAMPLES;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\STARTUP;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Office12\XLSTART;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Stationery;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Stationery\1033;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033\Access;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033\Access\WSS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033\FAX;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033\ONENOTE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\12;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\12\Notebook Templates;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\12\Stationery;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\12;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\12\MseNewFileItems;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Office\Templates\Presentation Designs;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Visual Studio;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Visual Studio\COMMON;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Visual Studio\COMMON\IDE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Visual Studio\COMMON\IDE\IDE98;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Works;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Microsoft Works\1033;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\MSBuild;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\MSN Gaming Zone;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Online Services;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Prolific Publishing Inc;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Prolific Publishing Inc\Sharks2;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAA;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAA\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAA\LETTERS\CUSTOMER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAA\LETTERS\EMPLOYEE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAA\LETTERS\VENDOR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAa;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAa\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAa\LETTERS\Customer;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAa\LETTERS\Employee;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAa\LETTERS\Vendor;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaa;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaa\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaa\LETTERS\CUSTOMER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaa\LETTERS\EMPLOYEE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaa\LETTERS\VENDOR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAab;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAab\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAab\LETTERS\CUSTOMER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAab\LETTERS\EMPLOYEE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAab\LETTERS\VENDOR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAac;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAac\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAac\LETTERS\CUSTOMER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAac\LETTERS\EMPLOYEE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAac\LETTERS\VENDOR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAad;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAad\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAad\LETTERS\CUSTOMER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAad\LETTERS\EMPLOYEE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAad\LETTERS\VENDOR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAae;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\Archives;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\Archives\Archives-Bellwether031507;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\Archives\Archives-Bellwether031507\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\Archives\Archives-Bellwether031507\LETTERS\CUSTOMER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\Archives\Archives-Bellwether031507\LETTERS\EMPLOYEE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\Archives\Archives-Bellwether031507\LETTERS\VENDOR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\LETTERS\CUSTOMER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\LETTERS\EMPLOYEE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\AAAAAAaf\LETTERS\VENDOR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\Forms;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\labsafin;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\labsafin\LETTERS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\labsafin\LETTERS\Customer;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\labsafin\LETTERS\Employee;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\labsafin\LETTERS\Vendor;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\Letters;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Company\Reports;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\doc;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Help;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Help\Demos;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\IAR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\IAR\Images;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Lex;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\bin;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\bin\client;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\javaws;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\javaws\resources;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\applet;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\cmm;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\ext;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\fonts;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\i386;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\im;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\images;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\images\cursors;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\security;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Africa;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\America;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\America\Indiana;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\America\Kentucky;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\America\North_Dakota;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Antarctica;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Asia;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Atlantic;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Australia;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Etc;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Europe;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Indian;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\JRE\lib\zi\Pacific;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\lib;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\security;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\security\trusts;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\PeachJava\security\trusts\default;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\System;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sage Software\Peachtree\Tutor;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\SereneScreen;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\SereneScreen\Marine Aquarium 2.6;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Application Launcher;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Connection Wizard;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Device Manager;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Drivers;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Drivers\Signed;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\File Manager;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Image Editor;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\InstSupport;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Archive;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Archive\Animations;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Archive\Backgrounds;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Archive\Pictures;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Archive\Sounds;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Help;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\language;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\language\MMSComposer;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Messages;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\Skins;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\work;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Mobile Networking Wizard;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Notifier;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\OCS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Sync Station;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Sync Station\forms;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Telecalib;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Sony Ericsson\Mobile2\Telecalib\Log Settings;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Uninstall Information;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Web Publish;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\Web Publish\LOGFILES;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\WIBU-SYSTEMS;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\WIBU-SYSTEMS\System;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\WIBUKEY;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\WIBUKEY\Bin;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\WIBUKEY\Help;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\WIBUKEY\Server;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\WIBUKEY\Setup;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\xerox;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\xerox\nwwia;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\RECYCLER;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\_ISTMP1.DIR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\_ISTMP2.DIR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\_ISTMP3.DIR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\_ISTMP4.DIR;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\_ISTMP5.DIR;Win32.HLLW.Gavir.ini;Deleted.;

#8 Billy O'Neal

Posted 16 February 2009 - 05:06 PM

Your system is/was infected with a file infector. These types of infections modify system files and don't appear in logs, because the files themselves are legitimate.

I would strongly recommend format and reinstallation of this machine. For more information, you may wish to read one of these excellent articles:

Please let me know what you would like to do.
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 foxychick577

Posted 18 February 2009 - 09:59 AM

Hello Billy,

Sadly I'm not sure what to do. I'm afraid that I might make the situation worse trying a format and reinstall, so I think I'll seek professional help.

Thank you for all your help! :thumbup2:

#10 Billy O'Neal

Posted 18 February 2009 - 07:42 PM

Hello, foxychick577

You're welcome :) Sorry we couldn't do a better job on that :thumbup2:

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII