Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something Eating My Memory


  • This topic is locked This topic is locked
16 replies to this topic

#1 JoAnnB

JoAnnB

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 16 June 2007 - 08:08 AM

Hi. I have three different virus scans and spyware removal. I have posted my hijackthis log below. Can you tell me if it is gone? Whatever it was, was eating my memory. I sure hope it is gone or help me make it go away. thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:59:52 AM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\1166538757\ee\SSCEvtHdlr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Documents and Settings\Administrator\My Documents\download programs\HiJackThis_v2.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B426F491-094C-43D4-8F16-ED4AE190032D} - C:\WINDOWS\system32\driverl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166538757\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1166538757\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B4F8F8F-9CE3-4C54-BDB7-66F44E2F62A1} (IChartDocMngr Control) - https://webidc1.ichart.com/exv/installs/iChartDocMngr.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173479062280
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173481246545
O16 - DPF: {792A484F-C378-4B63-AD28-EF4FD490F00E} (IChartLogger Control) - https://webidc1.ichart.com/exv/installs/iChartLogger.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9020 bytes

BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:37 AM

Posted 16 June 2007 - 02:41 PM

Hello JoAnnB,


You will need to configure Windows to show Hidden files.

Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\WINDOWS\system32\driverl.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.

Once scanned, copy and paste the results also in your next reply.

I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here.

****************************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language  jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
****************************


Please run this Online Virus Scanner.

You will need to use Internet Explorer for this scan.
Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

****************************

You posted a Hijackthis that is run from a beta version of Hijackthis. This verson still has bugs in it so we do not use it. :thumbsup:

Please delete that Beta version and download the latest version from the following link:

HijackThis Download Site with installer
Just click on Hijackthis_sfx.exe file that you downloaded.
A WinZip self extractor screen appears with the default location of C:\Program Files\Hijackthis.
Then press the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it.

If you would like to make a shortcut for your Desktop so it's more easily accessable, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on.

Please post a fresh Hijackthis log, the Virus Total results, and BitDefender log.

Edited by SifuMike, 16 June 2007 - 02:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 16 June 2007 - 03:09 PM

STATUS: QUEUEDYour file "driverl.dll" is queued in position: 32. Estimated start time is between 4 and 6 minutes.

Antivirus Version Update Result


Aditional Information

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:52 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1166538757\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\1166538757\ee\SSCEvtHdlr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\AOL\1166538757\ee\aolsoftware.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B426F491-094C-43D4-8F16-ED4AE190032D} - C:\WINDOWS\system32\driverl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166538757\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1166538757\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B4F8F8F-9CE3-4C54-BDB7-66F44E2F62A1} (IChartDocMngr Control) - https://webidc1.ichart.com/exv/installs/iChartDocMngr.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173479062280
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173481246545
O16 - DPF: {792A484F-C378-4B63-AD28-EF4FD490F00E} (IChartLogger Control) - https://webidc1.ichart.com/exv/installs/iChartLogger.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:37 AM

Posted 16 June 2007 - 03:56 PM

Hi JoAnnB

You forgot to post the the Virus Total results, and BitDefender log. :thumbsup:

Also, from your log, I see you have not updated your Java yet.

Edited by SifuMike, 16 June 2007 - 03:57 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 17 June 2007 - 04:01 PM

First of all, I ran the bit defender and saved the log, but cannot get it to open. Second of all, there is not enough memory on my computer from this mess to install the java...

I ran bit defender a second time and it tells me there are no problems, now, but the first time, it found viruses, but cleaned it up.

Below are the other two...the first one is before I ran bit defender...the hijackthis log is after.

How do I get my memory cleaned up now that the virsuses are gone, or at least I think they are.

STATUS: FINISHEDComplete scanning result of "driverl.dll", received in VirusTotal at 06.16.2007, 23:26:50 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.9.0 06.08.2007 no virus found
AntiVir 7.4.0.32 06.16.2007 HEUR/Malware
Authentium 4.93.8 06.16.2007 no virus found
Avast 4.7.997.0 06.16.2007 Win32:Kolweb-N
AVG 7.5.0.467 06.08.2007 no virus found
BitDefender 7.2 06.16.2007 no virus found
CAT-QuickHeal 9.00 06.16.2007 no virus found
ClamAV devel-20070416 06.09.2007 no virus found
DrWeb 4.33 06.16.2007 no virus found
eSafe 7.0.15.0 06.06.2007 no virus found
eTrust-Vet 30.7.3721 06.15.2007 no virus found
Ewido 4.0 06.16.2007 no virus found
FileAdvisor 1 06.16.2007 no virus found
Fortinet 2.85.0.0 06.16.2007 no virus found
F-Prot 4.3.2.48 06.08.2007 no virus found
F-Secure 6.70.13030.0 06.08.2007 no virus found
Ikarus T3.1.1.8 06.16.2007 Trojan.Win32.Kolweb.l
Kaspersky 4.0.2.24 06.16.2007 no virus found
McAfee 5054 06.15.2007 no virus found
Microsoft 1.2607 06.16.2007 no virus found
NOD32v2 2334 06.15.2007 no virus found
Norman 5.80.02 06.15.2007 no virus found
Panda 9.0.0.4 06.16.2007 no virus found
Prevx1 V2 06.16.2007 Polymorphic.File.Exploit
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.09.2007 no virus found
Symantec 10 06.16.2007 no virus found
TheHacker 6.1.6.133 06.15.2007 no virus found
VBA32 3.12.0.2 06.15.2007 suspected of Malware.Delf.3 (paranoid heuristics)
VirusBuster 4.3.23:9 06.16.2007 no virus found
Webwasher-Gateway 6.0.1 06.16.2007 Heuristic.Malware


Aditional Information
File size: 152576 bytes
MD5: 5468b6c8ec40827544976772d90c1b8a
SHA1: 3206d25c8e666d392fe59d6e315247cf32f9be05
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=821b101010095

Logfile of HijackThis v1.99.1
Scan saved at 4:00:56 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1166538757\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\1166538757\ee\SSCEvtHdlr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\AOL\1166538757\ee\aolsoftware.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B426F491-094C-43D4-8F16-ED4AE190032D} - C:\WINDOWS\system32\driverl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166538757\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1166538757\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B4F8F8F-9CE3-4C54-BDB7-66F44E2F62A1} (IChartDocMngr Control) - https://webidc1.ichart.com/exv/installs/iChartDocMngr.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173479062280
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173481246545
O16 - DPF: {792A484F-C378-4B63-AD28-EF4FD490F00E} (IChartLogger Control) - https://webidc1.ichart.com/exv/installs/iChartLogger.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:37 AM

Posted 17 June 2007 - 04:28 PM

Hello JoAnnB,

Second of all, there is not enough memory on my computer from this mess to install the java...


Can you explain this better. Why wont Java install? Are you getting some kind of error messagaes?

How much memory do you have on this computer?
Right-click the My Computer icon, and select Properties from the menu that appears.
Look under Computer or Performance to find the amount of RAM in megabytes (MB).



Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key. If that does not work this go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B426F491-094C-43D4-8F16-ED4AE190032D} - C:\WINDOWS\system32\driverl.dll



These are optinal fixes. The following are not necessarily spyware/malware, but I suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
(Description: RealPlayer system tray application. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.
Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\system32\driverl.dll <==file

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Finally, reboot to the Normal Mode , post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 17 June 2007 - 08:04 PM

I get an error saying there is not enough memory to install it. I had plenty of memory until this virus infected my computer. I cannot even use system restore. :thumbsup:

used space is 31.8 GB and free space is 100 mb. I used to have more than half free until this mess.

#8 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 17 June 2007 - 08:37 PM

Now I have 37.22 GB used and 1.00 GB free. Still running slow.

Logfile of HijackThis v1.99.1
Scan saved at 8:37:16 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1166538757\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\1166538757\ee\SSCEvtHdlr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\AOL\1166538757\ee\aolsoftware.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166538757\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1166538757\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B4F8F8F-9CE3-4C54-BDB7-66F44E2F62A1} (IChartDocMngr Control) - https://webidc1.ichart.com/exv/installs/iChartDocMngr.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173479062280
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173481246545
O16 - DPF: {792A484F-C378-4B63-AD28-EF4FD490F00E} (IChartLogger Control) - https://webidc1.ichart.com/exv/installs/iChartLogger.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1166538757\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:37 AM

Posted 17 June 2007 - 09:01 PM

Now I have 37.22 GB used and 1.00 GB free.



That is not your RAM, that is disk space. :thumbsup:

How much memory (RAM) do you have on this computer?
Right-click the My Computer icon, and select Properties from the menu that appears.
Look under Computer or Performance to find the amount of RAM in megabytes (MB).

You should have at least 512 MB RAM to run normally.

You log looks clean. I see no malware.

Lets run another online scanner and see if it finds any viruses.

Please perform this online scan: Kaspersky Webscan
This scan require Internet Explorer to run.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply.

Edited by SifuMike, 17 June 2007 - 09:04 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 18 June 2007 - 07:35 AM

There still showed a virus. :thumbsup:

1.99 GHz, 512 mg RAM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 18, 2007 7:30:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/06/2007
Kaspersky Anti-Virus database records: 347856
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 73774
Number of viruses found: 2
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 01:42:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\AutoRecovery save of 061707_garner_gerald_4938.asd Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRA0003.as$ Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\dfsr.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\fsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\tmp.edb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\jobivins30@aol.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\jobivins30@aol.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007061720070618\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_EKLLu2zImFmK1eE Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_NqWTWZ6I1FwFpuy Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_uNZfvXHfQQkoNWJ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_XAOqpXjEkrkGNO9 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_yewY3PG9rToQ7wd Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_sHbynTjhNBYrwLc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_SrJ6asnBDUPaSGU Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_Zk37Av149Gwifje Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2C56.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3355.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF348D.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF349F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3649.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4783.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF47D7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF90A6.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE06.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRD0001.doc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRS0002.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\jobivins30\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\jobivins30\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\jobivins00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\mcafee.com personal firewall\data\IpRules.xdb Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\PPRT\logs\2007-06-17.csv Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000011.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\_restore{3E974141-9281-43A8-AF28-1CB47DE8D0C6}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\monterreyc_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\monterreyd_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\monterreyh_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\monterreyk_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FF3B1CB4-B1C9-422B-97B2-6F22087CFEC2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\driverc.dll Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\system32\driverl.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\monterreyc_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\system32\monterreyd_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\system32\monterreyh_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\system32\monterreyk_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\system32\monterreyl_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:37 AM

Posted 18 June 2007 - 09:57 AM

Hello JoAnnB,


Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe
    C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe
    C:\WINDOWS\monterreyc_unknown.exe
    C:\WINDOWS\monterreyd_unknown.exe
    C:\WINDOWS\monterreyh_unknown.exe
    C:\WINDOWS\monterreyk_unknown.exe
    C:\WINDOWS\system32\driverc.dll
    C:\WINDOWS\system32\driverl.exe
    C:\WINDOWS\system32\monterreyc_unknown.exe
    C:\WINDOWS\system32\monterreyd_unknown.exe
    C:\WINDOWS\system32\monterreyh_unknown.exe
    C:\WINDOWS\system32\monterreyk_unknown.exe
    C:\WINDOWS\system32\monterreyl_unknown.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please perform this online scan: Kaspersky Webscan
This scan require Internet Explorer to run.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 18 June 2007 - 12:16 PM

C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe moved successfully.
File/Folder C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe not found.
C:\WINDOWS\monterreyc_unknown.exe moved successfully.
C:\WINDOWS\monterreyd_unknown.exe moved successfully.
C:\WINDOWS\monterreyh_unknown.exe moved successfully.
C:\WINDOWS\monterreyk_unknown.exe moved successfully.
C:\WINDOWS\system32\driverc.dll unregistered successfully.
C:\WINDOWS\system32\driverc.dll moved successfully.
C:\WINDOWS\system32\driverl.exe moved successfully.
C:\WINDOWS\system32\monterreyc_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyd_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyh_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyk_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyl_unknown.exe moved successfully.
File/Folder not found.
File/Folder not found.

Created on 06/18/2007 10:04:22

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 18, 2007 12:14:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/06/2007
Kaspersky Anti-Virus database records: 348050
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 74949
Number of viruses found: 2
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 01:59:15

Infected Object Name / Virus Name / Last Action
C:\DocNeT\WorkingDocuments\TURNER LUCILLE(0).DOC Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRA0005.as$ Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\dfsr.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\fsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\tmp.edb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\jobivins30@aol.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\jobivins30@aol.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007061720070618\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007061820070619\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\CWA5317.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_1PwLCMkKyYhS8rg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_8QcTGvlutqusMar Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_hXfJcHisrKl2oh0 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_IjdSH54DRnLFzBH Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_ngXOz1mvt9MEY90 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_2gSRJgIKHAhNHRC Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_idzWMOS2lysCUbb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_xsee1TbOGgREvb6 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF348D.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF349F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4783.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF47D7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF930F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA4C2.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE06.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF1CA.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRC0000.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRF0004.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRS0002.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\jobivins30\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\jobivins30\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\jobivins00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\mcafee.com personal firewall\data\IpRules.xdb Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\PPRT\logs\2007-06-17.csv Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.DBF Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000011.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\_restore{3E974141-9281-43A8-AF28-1CB47DE8D0C6}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FF3B1CB4-B1C9-422B-97B2-6F22087CFEC2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe NSIS: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyc_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyd_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyh_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyk_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\driverc.dll Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\driverl.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyc_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyd_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyh_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyk_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyl_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped

Scan process completed.

#13 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 18 June 2007 - 12:16 PM

C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe moved successfully.
File/Folder C:\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe not found.
C:\WINDOWS\monterreyc_unknown.exe moved successfully.
C:\WINDOWS\monterreyd_unknown.exe moved successfully.
C:\WINDOWS\monterreyh_unknown.exe moved successfully.
C:\WINDOWS\monterreyk_unknown.exe moved successfully.
C:\WINDOWS\system32\driverc.dll unregistered successfully.
C:\WINDOWS\system32\driverc.dll moved successfully.
C:\WINDOWS\system32\driverl.exe moved successfully.
C:\WINDOWS\system32\monterreyc_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyd_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyh_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyk_unknown.exe moved successfully.
C:\WINDOWS\system32\monterreyl_unknown.exe moved successfully.
File/Folder not found.
File/Folder not found.

Created on 06/18/2007 10:04:22

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 18, 2007 12:14:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/06/2007
Kaspersky Anti-Virus database records: 348050
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 74949
Number of viruses found: 2
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 01:59:15

Infected Object Name / Virus Name / Last Action
C:\DocNeT\WorkingDocuments\TURNER LUCILLE(0).DOC Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRA0005.as$ Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\dfsr.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\fsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\jobivins30@aol.com\SharingMetadata\Working\database_A800_2F0B_2E_E054\tmp.edb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\jobivins30@aol.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\jobivins30@aol.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007061720070618\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007061820070619\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\CWA5317.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_1PwLCMkKyYhS8rg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_8QcTGvlutqusMar Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_hXfJcHisrKl2oh0 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_IjdSH54DRnLFzBH Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\me_ngXOz1mvt9MEY90 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_2gSRJgIKHAhNHRC Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_idzWMOS2lysCUbb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_xsee1TbOGgREvb6 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF348D.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF349F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4783.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF47D7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF930F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA4C2.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE06.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF1CA.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRC0000.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRF0004.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~WRS0002.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\jobivins30\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\jobivins30\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\jobivins00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\jobivins30.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\mcafee.com personal firewall\data\IpRules.xdb Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\PPRT\logs\2007-06-17.csv Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.DBF Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000011.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\_restore{3E974141-9281-43A8-AF28-1CB47DE8D0C6}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FF3B1CB4-B1C9-422B-97B2-6F22087CFEC2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe NSIS: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyc_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyd_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyh_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyk_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\driverc.dll Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\driverl.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyc_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyd_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyh_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyk_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyl_unknown.exe Infected: Trojan.Win32.Kolweb.l skipped

Scan process completed.

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:37 AM

Posted 18 June 2007 - 12:25 PM

Hi JoAnnB,

Looks like it removed the viruses. :thumbsup: How is your computer running?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 JoAnnB

JoAnnB
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 18 June 2007 - 12:32 PM

I don't think it did remove the viruses. That last virus scan I did said there still some and the log said skipped. Do you know what that means?

I also do medical transcription and found out today that the software I use puts a copy of the voice files in a folder called done...that is where all my memory went...cleaned all of that folder out and have more memory.

I am just still worried about the virus now. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users