Always Pops "runtime Error 32 At 00404ba6",


  • This topic is locked
16 replies to this topic

#1 zhijie

zhijie

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 16 July 2006 - 12:58 PM

Hi,

A few problems:

1) After I enter XP, my virus scanner will pop up an info.stealer message, indicating the file ztdll.dll residing in the system32 folder. Cannot quarantine or delete.

2) Sometimes when I am browsing the web, it pops up a message indicating a fatal error, and Microsoft XP has to close IE and explorer.

3) Sometimes my window will pop "runtime error 32 at 00404BA6", and if I don't do anything, it will keep popping.

Here is my HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 1:23:51 AM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NUS-VPN\cvpnd.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Alias\Maya6.5\docs\wrapper.exe
E:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
D:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\tppaldr.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\VKTServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Azureus\Azureus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rowan Atkinson\Desktop\HijackThis.exe

F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\smss.exe,
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - D:\Program Files\Naturalsoft\NaturalReader61\NVRIEBar.dll
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Thunder] "D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: National University of Singapore NUS-VPN Client.lnk = C:\Program Files\NUS-VPN\vpngui.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Sothink SWF Decompiler - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137948483000
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B10E9E2-E051-470C-B276-A9E05999E333}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: KB455373M.LOG
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - E:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - D:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "D:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySql - Unknown owner - D:/Program Files/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - d:\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)



Thanks
Zhijie


#2 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 18 July 2006 - 01:00 AM

Hi,

Welcome to BleepingComputer. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as a BleepingComputer Staff Expert reviews my fix, I will post it for you.
In the meantime, if any problems occur, please let me know.
Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If you’re unsure of anything at all please stop and ask!
agrarianmonk

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 zhijie


Posted 18 July 2006 - 03:52 AM

OK, thanks.

#4 agrarianmonk


Posted 19 July 2006 - 04:22 AM

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
agrarianmonk


#5 zhijie


Posted 19 July 2006 - 05:34 AM

Here is the uninstall list:



ABITEQ
AC3Filter (remove only)
Adobe Acrobat 5.0
Adobe Acrobat 7.0.5 Professional
Adobe After Effects 6.5
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Premiere Pro 1.5
Adobe Stock Photos 1.0
Adult PDF Password Recovery v2.2.0
Alias DirectConnect 2.0
Apache Tomcat 5.5 (remove only)
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
Autodesk MapGuide® Viewer ActiveX Control Release 6.5
Azureus
backburner 2.1
BitTorrent 4.0.1
Business-in-a-Box (Demo Version)
Canon iP4200
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD to WAV and MP3 Ripper
CD-LabelPrint
CLIE MS SCSI Driver
Combined Community Codec Pack 2006-05-01 (Remove Only)
DivX Player
DivX Pro Trial
Easy-WebPrint
FEAR
FlashMenu
Focus 30,000 Photos
FTP Commander
GLOBEtrotter FLEXid Drivers
Google Earth
GunBound
HijackThis 1.99.1
HyperVcam Mobile
ICQ
ICQ 5
Image Icon Converter 1.3
ImageStation Easy Upload Tools
InCD
Ink
J2SE Development Kit 5.0
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
JPad Pro
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
MATLAB Family of Products Release 14
Maya 6.0
Maya 6.0 Documentation Server
Maya 6.5
Maya 7.0
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Device Emulator version 1.0 - ENU
Microsoft Office Visio Professional 2003
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2000
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
mIRC
Mozilla Firefox (1.5)
MS Export
MSN Music Assistant
MSN Shell
MSXML 6.0 Parser
MySQL Control Center
MySQL Servers and Clients 4.0.23
Natural Voice Crystal16
Natural Voice Mike16
NaturalReader
Nero Suite
NVIDIA nForce Drivers
Palm Desktop
Palm Desktop
Pen Tablet
PictureGear 4.6Lite
Project64 1.6
QuickTime
Rational Rose Enterprise Edition
RealPlayer
Registry Mechanic
Sentinel System Driver
SnagIt 6
Sothink SWF Decompiler
SpeechRedist
Spyware Doctor 3.1
SSH Secure Shell
Sun™ Download Manager 1.2
Swift 3D v3.00.172 Full
SwiftMP3 1.0
SWiSHmax
Symantec AntiVirus
The Font Thing
Thunder5
TPP Storage Driver Installation
Unreal Tournament 2004
Update for Windows XP (KB898461)
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
VideoLAN VLC media player 0.8.2
VPN Client
Win AVI HelixSDK
Winamp (remove only)
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Related
Windows XP Service Pack 2
WinRAR archiver
WinZip
World of Warcraft
Xara3D 5
XviD MPEG-4 Video Codec






I have found a further problem with this issue. iexplorer.exe keeps showing up in my Task Manager, even when I did not open any explorer. I closed them all and they keep appearing.

Thanks,
Zhijie

#6 agrarianmonk


Posted 19 July 2006 - 07:41 PM

It appears you have been infected by Infostealer.Wowcraft, a keylogging trojan that attempts to steal passwords associated with World of Warcraft. I would change all passwords associated with World of Warcraft, as well as any other passwords on your system (just to be safe).



Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please remove these entries from Add or Remove Programs in the Control Panel (if present):

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4

The following are optional; however, any time you are running any type of P2P application, you are FAR more prone to infection by malware. Your current infections are likely due to P2P use. At the VERY LEAST, please refrain from using any P2P programs while we are cleaning your computer:

Azureus
BitTorrent 4.0.1

Please note any other programs that you don't recognize in that list in your next response.

(an easy way to get to Add or Remove programs is to go to start-->run and type appwiz.cpl)

***************************************

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.


Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update succesfull message.
    Note: If the Update now option is grayed out, follow the steps below.
  • Click on Update on the toolbar.
  • Under Manual update, click on the Start Update button.
  • Wait until you see the Update succesfull message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

***************************************

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\smss.exe,
O20 - AppInit_DLLs: KB455373M.LOG

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

***************************************

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***************************************

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
***************************************

Open Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\svhost32.exe
    C:\Program Files\rundll32.exe
    C:\Program Files\Internat.exe
    C:\Windows\System32\msdll.dll
    C:\WINDOWS\smss.exe
    C:\Windows\System32\DBST32NT.LOG
    C:\WINDOWS\dnts.dat
    C:\Windows\System32\KB455373M.LOG
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    NOTE: You must use the File menu--pasting by right-clicking the mouse will only enter one file.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

***************************************

After reboot,

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Please post:
  • Ewido log
  • A new HijackThis log
  • panda log
You may need several replies to post the requested logs, otherwise they might get cut off.
agrarianmonk

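The entries picked out for fixing in the post above (F3 win.ini load=, F2 UserInit, O20 AppInit_DLLs) and the second smss.exe in the process list can be found mechanically; the following triage script is an added example, not part of the original thread or of HijackThis. The rule names, the `triage` function and the `C:\WINDOWS` default are assumptions, and the sample lines are excerpted from the log posted earlier in this topic.

```python
import ntpath
import re

# Process names that should only ever run from %windir%\system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "userinit.exe"}

# HijackThis entry lines look like "O20 - AppInit_DLLs: value".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt of the HijackThis 1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe

F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\smss.exe,
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: KB455373M.LOG
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""


def _norm(path):
    """Lower-case and normalise a Windows path so comparisons ignore case."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def triage(log_text, windir=r"C:\WINDOWS"):
    """Return (rule, line) pairs for entries that deserve a manual look."""
    system32 = _norm(ntpath.join(windir, "system32"))
    userinit = _norm(ntpath.join(system32, "userinit.exe"))
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # blank line ends the process list
            in_processes = False
            continue
        if in_processes:
            directory, name = ntpath.split(_norm(line))
            # A system process name running from the wrong folder is a
            # common masquerade, e.g. C:\WINDOWS\smss.exe.
            if name in SYSTEM32_ONLY and directory != system32:
                findings.append(("system-process-name-outside-system32", line))
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        if code == "F2" and "userinit=" in body.lower():
            # UserInit is a comma-separated list run at logon; anything
            # besides system32\userinit.exe was appended by something else.
            value = body.split("=", 1)[1]
            extras = [p for p in value.split(",")
                      if p.strip() and _norm(p) != userinit]
            if extras:
                findings.append(("userinit-extra-program", line))
        elif code == "F3" and re.search(r"\b(load|run)=\s*\S", body, re.I):
            # Legacy win.ini autostart values are normally empty.
            findings.append(("win.ini-autostart", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Any value here is loaded into every process that loads user32.
            if body.split(":", 1)[1].strip():
                findings.append(("appinit-dlls-set", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:40} {line}")
```

A hit means "review this entry", not "delete it": some legitimate software also sets AppInit_DLLs, so each flagged line still needs the kind of manual check done in this thread.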

#7 zhijie


Posted 20 July 2006 - 03:48 AM

Hi,

Did the stuff you said, and it's fixed!
Thanks,

However, the Panda scan doesn't seem to work for me.

Here's the ewido log
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:49:42 PM 7/20/2006

+ Scan result:



HKLM\SOFTWARE\Dsi -> Adware.Delfin : Cleaned with backup (quarantined).
D:\Program Files\CD to WAV and MP3 Ripper\mm332.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
D:\Program Files\CD to WAV and MP3 Ripper\NH20040517.4a.EE.exe/NHInstall.exe -> Adware.NavExcel : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ciadmin9.exe -> Adware.UrlSpy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\AfxEdit.dll -> Downloader.Agent.apl : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\swflash.dll -> Downloader.Agent.apl : Cleaned with backup (quarantined).
C:\boot.hta -> Downloader.Agent.h : Cleaned with backup (quarantined).
C:\Program Files\svhost32.exe -> Logger.Agent.nf : Cleaned with backup (quarantined).
C:\dd.exe -> Logger.Agent.nf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rx.dll -> Logger.Delf.kl : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@ad-logics[2].txt -> TrackingCookie.Ad-logics : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@adserver.ads360[1].txt -> TrackingCookie.Ads360 : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@euniverseads[1].txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@gator[1].txt -> TrackingCookie.Gator : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@webpdp.gator[1].txt -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@ehg-sonyesolutions.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@incredifind[2].txt -> TrackingCookie.Incredifind : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@www.incredifind[2].txt -> TrackingCookie.Incredifind : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@adserv.internetfuel[2].txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@www.shopathomeselect[2].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@ads.specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@ads.x10[2].txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Rowan Atkinson\Application Data\Mozilla\Firefox\Profiles\f9mzm7ul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
D:\Zheng\documents and settings\wyne\Cookies\wyne@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\NotoPad.DLL -> Trojan.Lmir.axo : Cleaned with backup (quarantined).
[832] C:\WINDOWS\NotoPad.DLL -> Trojan.Lmir.axo : Error during cleaning.
C:\Program Files\Common Files\System\mh.exe -> Trojan.WOW.de : Cleaned with backup (quarantined).


::Report end

Here's the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 4:39:50 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NUS-VPN\cvpnd.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
d:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Alias\Maya6.5\docs\wrapper.exe
E:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
D:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\tppaldr.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\System32\Tablet.exe
D:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rowan Atkinson\Desktop\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - D:\Program Files\Naturalsoft\NaturalReader61\NVRIEBar.dll
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Thunder] "D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: [Internet] C:\Program Files\Internet Explorer\iedemo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: National University of Singapore NUS-VPN Client.lnk = C:\Program Files\NUS-VPN\vpngui.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Sothink SWF Decompiler - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137948483000
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B10E9E2-E051-470C-B276-A9E05999E333}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - E:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - D:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "D:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySql - Unknown owner - D:/Program Files/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - d:\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: VKTServ - Unknown owner - C:\WINDOWS\system32\VKTServ.exe (file missing)





Thanks
Zhijie

#8 agrarianmonk


Posted 20 July 2006 - 09:36 AM

Panda hasn't been working for other people as well, so don't worry.

Try this online scan instead:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

agrarianmonk


Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#9 zhijie


Posted 20 July 2006 - 11:15 PM

Hi,

Here's the log:



Friday, July 21, 2006 3:04:14 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/07/2006
Kaspersky Anti-Virus database records: 208746


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 103452
Number of viruses found 63
Number of infected objects 232 / 0
Number of suspicious objects 2
Duration of the scan process 02:15:38

Infected Object Name Virus Name Last Action
C:\!KillBox\smss.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40002.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40003.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40004.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40005.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40006.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40007.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40008.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40009.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D4000A.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D4000B.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D4000C.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D4000D.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D4000E.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540001.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540002.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540003.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540004.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540005.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540006.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540007.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540008.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0754000A.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0754000B.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0754000C.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0754000D.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0754000E.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0754000F.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F80000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00001.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00002.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00003.VBN Infected: not-a-virus:AdWare.Win32.UrlSpy.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00004.VBN Infected: Trojan-Downloader.Win32.Agent.adz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00005.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F200000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F280000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800001.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800002.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800003.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800004.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800005.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800006.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F800007.VBN Infected: Trojan-PSW.Win32.WOW.de skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940001.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB80000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE00000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FE00001.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_130.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Messenger\zhijie1130@hotmail.com\SharingMetadata\infected.dat Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Messenger\zhijie1130@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Messenger\zhijie1130@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Messenger\zhijie1130@hotmail.com\SharingMetadata\Working\database_3E00_5A1A_59_DA0B\dfsr.db Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Messenger\zhijie1130@hotmail.com\SharingMetadata\Working\database_3E00_5A1A_59_DA0B\fsr.log Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Messenger\zhijie1130@hotmail.com\SharingMetadata\Working\database_3E00_5A1A_59_DA0B\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Messenger\zhijie1130@hotmail.com\SharingMetadata\Working\database_3E00_5A1A_59_DA0B\tmp.edb Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Windows Live Contacts\zhijie1130@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Application Data\Microsoft\Windows Live Contacts\zhijie1130@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\History\History.IE5\MSHist012006072120060722\index.dat Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Temp\~DF3580.tmp Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Temp\~DF358D.tmp Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Temp\~DF41C0.tmp Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Temp\~DF422F.tmp Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Temp\~ef27b0\~efe2.tmp Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Temp\~ef4654\~efe2.tmp Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Rowan Atkinson\ntuser.dat.LOG Object is locked skipped

C:\ee.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\Program Files\Common Files\System\3.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_361.trc Object is locked skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\05825246 Infected: not-a-virus:AdWare.Win32.UrlSpy.b skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\08331AD3.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0DC82AF4 Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E7272E0 Infected: Trojan-Downloader.Win32.Agent.ae skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\141F22D3 Infected: Trojan-Downloader.Win32.Swizzor.az skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14234CD0 Infected: Trojan-Downloader.Win32.Dyfuca.cs skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\142676CC Infected: Trojan-Downloader.Win32.IstBar.fi skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\142920C8 Infected: Trojan-Downloader.Win32.Dyfuca.cq skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\142D4AC5 Infected: Trojan-Downloader.Win32.Agent.ae skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\143074C1 Infected: Trojan-Downloader.Win32.Agent.ae skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14331EBE Infected: Trojan-Downloader.Win32.Agent.ae skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\143648BA Infected: Trojan-Downloader.Win32.Agent.ae skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\143A72B6 Infected: not-a-virus:AdWare.Win32.PowerScan.b skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15D26DFF.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\163B14E4.dll Infected: Trojan-Dropper.Win32.Gvuz.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\168D6E2A.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1C101EA0 Infected: not-a-virus:AdWare.Win32.BiSpy.m skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\251D6FED Infected: Trojan-Downloader.Win32.VB.cw skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25276DE2 Infected: Trojan-Downloader.Win32.Turown.g skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\252A17DE Infected: Trojan-Downloader.Win32.Turown.i skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2BD8240B Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30005437.zip/britney.jpg .scr Infected: Email-Worm.Win32.Mabutu.a skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30005437.zip ZIP: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30005437.zip CryptFF: infected - 1 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30734F4D Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\31891CE3 Infected: Trojan-Downloader.Win32.Dyfuca.cr skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\346E69FA/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\346E69FA/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\346E69FA/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\346E69FA NSIS: infected - 3 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\346E69FA CryptFF: infected - 3 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\347213F6 Infected: Trojan-Spy.Win32.Briss.j skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\34753DF3 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\347867EF/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\347867EF/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\347867EF Embedded CAB: infected - 2 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\347867EF CryptFF: infected - 2 skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\359B255A Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3D1A58E2 Infected: Trojan-Downloader.Win32.IstBar.fa skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\423D0409 Infected: Trojan-Downloader.JS.IstBar.j skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\434858E9 Infected: Trojan-Downloader.Win32.Dyfuca.cv skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\474832CD Infected: not-a-virus:AdWare.Win32.WebSearch.aw skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4E664A01.htm Suspicious: Exploit.HTML.Mht skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C594945 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5FCB0CDD Infected: Trojan-Downloader.Win32.IstBar.eo skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\638B42CB Infected: not-a-virus:AdWare.Win32.BiSpy.p skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\638E6CC8 Infected: Trojan-Downloader.Win32.Agent.ae skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65144F0E.exe Infected: Trojan.Win32.StartPage.fg skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\657E1B9E Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\66A22B98 Infected: Trojan-Downloader.JS.IstBar.b skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\68823DD5 Infected: not-a-virus:AdWare.Win32.SideFind skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6C3C572B.htm Suspicious: Exploit.HTML.Mht skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6C497F1D.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6C4C2919.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6C580C07 Infected: Trojan.Win32.Dialer.fu skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6F6F01A5.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\712D48D4 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\71B601FE.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\763B2D4D Infected: not-a-virus:AdWare.Win32.BiSpy.q skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP593\A0192124.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP594\A0192168.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP594\A0192190.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192257.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192268.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192317.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192321.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192323.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192329.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192330.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192331.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192337.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192343.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192346.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192350.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192351.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192352.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192353.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192354.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192355.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192370.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192371.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192377.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192384.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192385.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP595\A0192386.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192449.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192450.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192451.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192452.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192454.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192455.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192456.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192457.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192460.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192461.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192462.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192463.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192464.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192465.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192466.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192467.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192469.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192470.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192512.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192516.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192517.dll Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192520.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192531.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192533.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192534.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192537.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP596\A0192538.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192560.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192561.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192562.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192572.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192573.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192602.exe Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192608.exe Infected: Trojan-Downloader.Win32.Agent.apl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192615.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192741.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192759.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192760.dll Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192816.dll Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192926.dll Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192952.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192953.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0192954.dll Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0193004.dll Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0193005.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0193006.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP597\A0193009.dll Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193445.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193446.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193447.dll Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193476.exe Infected: not-a-virus:AdWare.Win32.IEDriver.a skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193484.hta Infected: Trojan-Downloader.HTA.Agent.h skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193485.exe Infected: Trojan-Spy.Win32.Agent.nf skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193486.exe Infected: Trojan-Spy.Win32.Agent.nf skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193488.dll Infected: Trojan-Spy.Win32.Delf.kl skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193490.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193491.exe Infected: not-a-virus:AdWare.Win32.UrlSpy.a skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193495.exe Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\MEMORY.DMP Object is locked skipped

C:\WINDOWS\reg1.dll Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\WINDOWS\regsvr.dll Infected: Trojan-Spy.Win32.Delf.jm skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd8637.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\hsperfdata_SYSTEM\2924 Object is locked skipped

C:\WINDOWS\Temp\hsperfdata_SYSTEM\828 Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.EZula.a skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0017.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN/data0006 Infected: Trojan-Downloader.Win32.Turown.i skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN/data0011 Infected: Trojan-Downloader.Win32.Turown.i skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN/data0013 Infected: Trojan-Downloader.Win32.VB.cw skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.VB.cw skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0019.BIN/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0019.BIN/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0019.BIN/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.MyWay.c skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0021.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0021.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0021.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0024.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0024.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0024.BIN/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0024.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0024.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

D:\Jie\My Downloads\orange_decoder.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

D:\Jie\My Downloads\orange_decoder.exe WiseSFX: infected - 29 skipped

D:\Jie\u_utility_downloads\iMeshV4.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped

D:\Jie\u_utility_downloads\iMeshV4.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped

D:\Jie\u_utility_downloads\iMeshV4.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.EZula.w skipped

D:\Jie\u_utility_downloads\iMeshV4.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped

D:\Jie\u_utility_downloads\iMeshV4.exe


could not let the scan finish because of insufficient space in my hdd



regards,
Zhijie

#10 agrarianmonk


Posted 20 July 2006 - 11:34 PM

Open up Norton Antivirus, go to the Quarantine section and delete its contents.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
Open Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\reg1.dll
    C:\ee.exe
    C:\WINDOWS\regsvr.dll
    D:\Jie\My Downloads\orange_decoder.exe
    D:\Jie\u_utility_downloads\iMeshV4.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    NOTE: You must use the File menu--pasting by right-clicking the mouse will only enter one file.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.


The above steps should free some space on your HD. Now please try the online scan again and post the results as well as a new hijackthis log.
agrarianmonk


Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
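
The reply above treats detections differently depending on where the file sits: AV quarantine entries are emptied from the antivirus, `_restore` copies go away with the System Restore cleanup, and only live files go on the Killbox list. As an added example (not part of the original post or of any tool used in this thread), this Python script sorts lines in the scanner log's format into those groups; the bucket and function names are assumptions of the example, and the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the scanner logs in this thread, including the
# line on which the first (interrupted) scan was cut off.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{773E1770-756D-4B9C-8C25-CE0152673C5E}\RP600\A0193495.exe Infected: Trojan-Spy.Win32.Delf.jm skipped
C:\WINDOWS\MEMORY.DMP Object is locked skipped
C:\WINDOWS\reg1.dll Infected: Trojan-Spy.Win32.Delf.jm skipped
C:\WINDOWS\regsvr.dll Infected: Trojan-Spy.Win32.Delf.jm skipped
D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped
D:\Jie\My Downloads\orange_decoder.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.VB.cw skipped
D:\Jie\My Downloads\orange_decoder.exe WiseSFX: infected - 29 skipped
C:\!KillBox\regsvr.dll( 3) Infected: Trojan-Spy.Win32.Delf.jm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN Infected: Trojan-PSW.Win32.Lineage.acw skipped
D:\Jie\u_utility_downloads\iMeshV4.exe
"""

# Line layout "<object> <verdict> <last action>", inferred from the log lines
# in this thread. Paths contain spaces, so the object is matched lazily up to
# the first recognised verdict.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<summary>\w+: infected - \d+))"
    r" (?P<action>\w+)$"
)

# Location buckets, checked in order; anything else is a live file.
BUCKETS = [
    # Restore-point copies: removed by purging restore points, not one by one.
    ("system_restore", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    # Files already neutralised by the resident antivirus.
    ("av_quarantine", re.compile(r"\\Quarantine\\[^\\]+\.VBN$", re.I)),
    # Backup copies kept by the removal tool (seen in the later scan).
    ("killbox_backup", re.compile(r"^[A-Z]:\\!KillBox\\", re.I)),
]


def classify(disk_file):
    """Return the bucket name for an on-disk file path."""
    for bucket, pattern in BUCKETS:
        if pattern.search(disk_file):
            return bucket
    return "live_file"


def triage(log_text):
    """Group detections by on-disk file and location bucket."""
    buckets = defaultdict(lambda: defaultdict(set))
    locked = 0
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)       # truncated or unknown line: keep for review
            continue
        if m["locked"]:
            locked += 1                 # file in use by the OS, not a detection
            continue
        # Archive members are written after a "/" following the container,
        # so everything before the first "/" is the file that exists on disk.
        disk_file = m["obj"].split("/", 1)[0]
        names = buckets[classify(disk_file)][disk_file]
        if m["name"]:
            names.add(m["name"])        # summary lines only register the container
    return {
        "buckets": {b: {f: sorted(n) for f, n in files.items()}
                    for b, files in buckets.items()},
        "locked": locked,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket, files in report["buckets"].items():
        print(bucket)
        for path, names in files.items():
            print("   ", path, "->", ", ".join(names) or "(archive summary only)")
    print("locked objects (not findings):", report["locked"])
    print("unparsed lines:", report["unparsed"])
```

Only the `live_file` bucket yields candidates for a delete-on-reboot list; nested archive members collapse to their container because the container is the file that exists on disk.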

#11 zhijie


Posted 22 July 2006 - 06:21 AM

Hi,


Here's the hijack


Logfile of HijackThis v1.99.1
Scan saved at 7:18:37 PM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NUS-VPN\cvpnd.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
d:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Alias\Maya6.5\docs\wrapper.exe
E:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
D:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
D:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Rowan Atkinson\Desktop\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - D:\Program Files\Naturalsoft\NaturalReader61\NVRIEBar.dll
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Thunder] "D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: National University of Singapore NUS-VPN Client.lnk = C:\Program Files\NUS-VPN\vpngui.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Sothink SWF Decompiler - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137948483000
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B10E9E2-E051-470C-B276-A9E05999E333}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - E:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - D:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "D:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySql - Unknown owner - D:/Program Files/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - d:\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

#12 agrarianmonk


Posted 22 July 2006 - 09:47 AM

And the new Kaspersky log?

#13 zhijie


Posted 23 July 2006 - 09:05 PM

hihi
Here's the scan. Took 5 hrs to complete


Monday, July 24, 2006 10:02:53 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/07/2006
Kaspersky Anti-Virus database records: 209388


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 318082
Number of viruses found 60
Number of infected objects 227 / 0
Number of suspicious objects 2
Duration of the scan process 05:13:20

Infected Object Name Virus Name Last Action
C:\!KillBox\iMeshV4.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped

C:\!KillBox\iMeshV4.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped

C:\!KillBox\iMeshV4.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.EZula.w skipped

C:\!KillBox\iMeshV4.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped

C:\!KillBox\iMeshV4.exe WiseSFX: infected - 4 skipped

C:\!KillBox\iMeshV4.exe( 1)/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped

C:\!KillBox\iMeshV4.exe( 1)/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped

C:\!KillBox\iMeshV4.exe( 1)/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.EZula.w skipped

C:\!KillBox\iMeshV4.exe( 1)/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped

C:\!KillBox\iMeshV4.exe( 1) WiseSFX: infected - 4 skipped

C:\!KillBox\orange_decoder.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.EZula.a skipped

C:\!KillBox\orange_decoder.exe/WISE0017.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

C:\!KillBox\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

C:\!KillBox\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe/WISE0017.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe/WISE0018.BIN/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped

C:\!KillBox\orange_decoder.exe/WISE0018.BIN/data0006 Infected: Trojan-Downloader.Win32.Turown.i skipped

C:\!KillBox\orange_decoder.exe/WISE0018.BIN/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped

C:\!KillBox\orange_decoder.exe/WISE0018.BIN/data0011 Infected: Trojan-Downloader.Win32.Turown.i skipped

C:\!KillBox\orange_decoder.exe/WISE0018.BIN/data0013 Infected: Trojan-Downloader.Win32.VB.cw skipped

C:\!KillBox\orange_decoder.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.VB.cw skipped

C:\!KillBox\orange_decoder.exe/WISE0019.BIN/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\!KillBox\orange_decoder.exe/WISE0019.BIN/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped

C:\!KillBox\orange_decoder.exe/WISE0019.BIN/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\!KillBox\orange_decoder.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\!KillBox\orange_decoder.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.MyWay.c skipped

C:\!KillBox\orange_decoder.exe/WISE0021.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\!KillBox\orange_decoder.exe/WISE0021.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\!KillBox\orange_decoder.exe/WISE0021.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\!KillBox\orange_decoder.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\!KillBox\orange_decoder.exe/WISE0024.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped

C:\!KillBox\orange_decoder.exe/WISE0024.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

C:\!KillBox\orange_decoder.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

C:\!KillBox\orange_decoder.exe/WISE0024.BIN/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

C:\!KillBox\orange_decoder.exe/WISE0024.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

C:\!KillBox\orange_decoder.exe/WISE0024.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

C:\!KillBox\orange_decoder.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

C:\!KillBox\orange_decoder.exe WiseSFX: infected - 29 skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.EZula.a skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0017.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0017.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0017.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0017.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0017.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0018.BIN/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0018.BIN/data0006 Infected: Trojan-Downloader.Win32.Turown.i skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0018.BIN/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0018.BIN/data0011 Infected: Trojan-Downloader.Win32.Turown.i skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0018.BIN/data0013 Infected: Trojan-Downloader.Win32.VB.cw skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0018.BIN Infected: Trojan-Downloader.Win32.VB.cw skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0019.BIN/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0019.BIN/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0019.BIN/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped

C:\!KillBox\orange_decoder.exe( 2)/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.MyWay.c skipped


Regards
Zhijie

#14 agrarianmonk

Posted 23 July 2006 - 09:10 PM

Open Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Common Files\System\3.exe
    D:\Zheng\Downloads\iMeshV4.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    NOTE: You must use the File menu--pasting by right-clicking the mouse will only enter one file.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

Then, post a new HijackThis log.

How is your PC behaving?
agrarianmonk

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
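
An added illustration, not part of agrarianmonk's post: Windows records delete-on-reboot requests in the `PendingFileRenameOperations` registry value named in the prompt above, under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`. The Python below decodes that value's raw REG_MULTI_SZ data and checks that both paths from the post are queued for deletion. The sample bytes and the third (rename) entry are constructed, and it assumes Killbox queues files through this standard mechanism.

```python
import ntpath

NT_PREFIX = "\\??\\"  # object-manager prefix Windows puts before each queued path

def encode_multi_sz(strings):
    """Build raw REG_MULTI_SZ data: UTF-16LE, NUL after each string, NUL at the end."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")

def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending_ops(raw):
    """Decode the value into (action, source, destination) tuples."""
    text = raw.decode("utf-16-le")
    if not text.strip("\0"):
        return []                                  # value present but empty
    if not text.endswith("\0"):
        raise ValueError("value data is not NUL-terminated")
    strings = text[:-1].split("\0")[:-1]           # drop list terminator and split artefact
    if len(strings) % 2:
        raise ValueError("source path without a destination entry")
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":                              # empty destination means delete
            ops.append(("delete", _strip_nt(src), None))
        else:                                      # leading "!" means replace existing
            action = "replace" if dst.startswith("!") else "rename"
            ops.append((action, _strip_nt(src), _strip_nt(dst.lstrip("!"))))
    return ops

def queued_for_delete(raw, wanted):
    """Map each wanted path to True if a delete is queued for it (case-insensitive)."""
    deletes = {ntpath.normcase(src) for action, src, _ in parse_pending_ops(raw)
               if action == "delete"}
    return {path: ntpath.normcase(path) in deletes for path in wanted}

# The two paths from the post above.
TARGETS = [r"C:\Program Files\Common Files\System\3.exe",
           r"D:\Zheng\Downloads\iMeshV4.exe"]

# Constructed sample data; the third pair (a rename) uses made-up paths.
SAMPLE = encode_multi_sz([
    NT_PREFIX + TARGETS[0], "",
    NT_PREFIX + r"d:\zheng\downloads\IMESHV4.EXE", "",
    NT_PREFIX + r"C:\Temp\new.dll", "!" + NT_PREFIX + r"C:\Temp\old.dll",
])

if __name__ == "__main__":
    for path, ok in queued_for_delete(SAMPLE, TARGETS).items():
        print("queued" if ok else "NOT queued", path)
```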

#15 zhijie

Posted 25 July 2006 - 12:04 AM

Hi,

My PC is working fine. No trouble now, except I did the cleaning twice. Now no more. Thanks very much. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 1:00:11 PM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NUS-VPN\cvpnd.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
d:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Alias\Maya6.5\docs\wrapper.exe
E:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
D:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\tppaldr.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
C:\DOCUME~1\ROWANA~1\LOCALS~1\Temp\~e5d141.tmp
C:\DOCUME~1\ROWANA~1\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Rowan Atkinson\Desktop\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - D:\Program Files\Naturalsoft\NaturalReader61\NVRIEBar.dll
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Thunder] "D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: National University of Singapore NUS-VPN Client.lnk = C:\Program Files\NUS-VPN\vpngui.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Sothink SWF Decompiler - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137948483000
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B10E9E2-E051-470C-B276-A9E05999E333}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - E:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - D:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "D:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySql - Unknown owner - D:/Program Files/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - d:\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)



Thanks,
Zhijie



