Computer Problems...here's my log...please help!

Question

Below is my Hijack This Log. Any help would be greatly appreciated. I have posted before, the last time I posted I think things didn't completely get cleared out... Maybe another try is needed... thanks! (I removed all the items from my ignore list, because last time i didn't know how to, and i think thats what caused the problems to persist). I continuously get pop ups from WinAntiVirus2006, ErrorSafe, DiskSweeper, etc. and I now have a problem where Windows tells me that I have to close the explorer because of a Data error or something... Thanks in advance for your help...

Logfile of HijackThis v1.99.1
Scan saved at 12:34:55 AM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\PAWAN RASTOGI\Desktop\SpyWare Arsenal\Hijack\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\PAWAN RASTOGI\Desktop\SpyWare Arsenal\Hijack\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133799012209
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

1972vet · Answer

Quote: the last time I posted I think things didn't completely get cleared out... That's because you failed to finish up with Bugbatter who left you with more instructions that you didn't complete...click here To see them. Your Java application is out of date and causes a slight security risk as a result. Please follow these steps to remove older version Java components 1. Close any open programs you may have running, especially your web browser. 2. Click Start-->Control Panel-->Add or Remove Programs. For those just reading this thread:Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs. 3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the 'Remove' or 'Change/Remove' button. Not every version of Java will begin with 'Java' so be sure to read each entry in the list. Repeat step 3 as many times as necessary to remove all versions of Java. **If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer. 4. Navigate to and delete: C:\Program Files\ Java =this folder if found 5. Then go to this page. Scroll down to where it says 'The J2SE Runtime Environment (JRE) allows end-users to run Java applications'and click the 'Download' button to the right. 6. Check the box that says: 'Accept License Agreement' the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version. Run hijackthis again and check the following: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll Close all windows except for hijackthis then click Fix Checked. Locate and delete the following files/folders indicated in Bold text: C:\Program Files\ VSAdd-in\VSAdd-in.dll Reboot the system. Please perform this online scan: F-Secure Online Scanner Next Generation Beta 1. Click on the link ' F-Secure Online Scanner Next Generation Beta'. 2. You may receive an alert on the address bar at this point to install the ActiveX control. 3. Click on that alert and then Click Insall ActiveX component. 4. Read the license agreement and click ' Accept'. 5.Click ' Custom Scan' and be sure the following are checked: Scan whole System Scan all files Scan whole system for rootkits Scan whole system for spyware Scan inside archives Use advanced heuristics 6. When the scan completes, click the ' I want to decide item by item' button. 7. For each item found, Select ' Disinfect' and click ' Next'. 8. When done, click the ' Show Report' button, then copy and paste the entire report into your next reply along with a fresh HijackThis log. Thanks!

Pewan42 · Answer

Thank you very much for your help... I don't know if I did something wrong, but after running HijackThis and then trying to delete VSadd-in.dll it says 'Error Deleting File or Folder...Access Denied' Below I have included my HijackThis log to let you see if I correctly did was I was suppose to do with that program. I have not done the Online Scanner yet because I didn't know if you wanted me to get rid of that DLL file first. Logfile of HijackThis v1.99.1 Scan saved at 2:26:46 AM, on 11/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\basfipm.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM\aim.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Thunderbird	hunderbird.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\PAWAN RASTOGI\Desktop\SpyWare Arsenal\Hijack\HijackThis.exe O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] 'C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe' O4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe' O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\PAWAN RASTOGI\Desktop\SpyWare Arsenal\Hijack\HijackThis.exe /startupscan O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133799012209 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE Thanks once again....

1972vet · Answer

It's been deleted. Go ahead with the online scan. Post back the results along with a fresh hijackthis log.

Pewan42 · Answer

• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900005.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900006.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D90000A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00005.VBN (Renamed & Submitted)
Trojan.Win32.Runner.h (virus)
• C:\windows\Temp\B3D24.tmp\Quicklinks.exe
Trojan.Win32.StartPage.aw (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B740000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000B.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000C.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000D.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000E.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000F.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380010.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380011.VBN (Renamed & Submitted)
Trojan.Win32.Starter.a (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01880000.VBN (Renamed & Submitted)
W32/Stration.OT@mm (virus)
• C:\windows\system32\kxihlvyg.exe (Submitted)
Win32.Trojandownloader.Zlob (spyware)
• System
not-virus:Hoax.Win32.Renos.cc (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN (Submitted)
not-virus:Hoax.Win32.Renos.dv (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN (Submitted)
________________________________________
Statistics
Scanned:
• Files: 463609
• System: 4798
• Not scanned: 457
Actions:
• Disinfected: 1
• Renamed: 313
• Deleted: 0
• None: 86
• Submitted: 355
Files not scanned:
x • x • _6B4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6CC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6EC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6FC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_750.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_790.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_7A4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_BDC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E74.DAT
• C:\WINDOWS\SYSTEM32\BIOS1.ROM
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
• C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CICL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP10000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP20000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIPT0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIST0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\INDEX.000
• C:\PROGRAM FILES\PROJECT64 V1.5\SAVE\POKEMON STADIUM 2.FLA
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\MASTER.MDF
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\TEMPDB.MDF
• C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
• C:\I386\BIOS1.ROM
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\NTUSER.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_25C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_85C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_C80.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_CF4.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF3611.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF375A.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF5180.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF9A67.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFC063.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFCA08.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFE653.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFED28.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFF75E.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER3D95.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER26CC.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1C0F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER150F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1165.DIR00\FIREFOX.EXE.HDMP
• C:\Documents and Settings\PAWAN RASTO_î ¬

• C:\HIBERFIL.SYS
• C:\PAGEFILE.SYS
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_174.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_1C4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_43C.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_5F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_630.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_67C.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6B0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6B4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6CC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6EC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6FC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_750.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_790.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_7A4.DAT° i C x • Z¤ \TEMP\PERFLIB_PERFDATA_BDC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E74.DAT
• C:\WINDOWS\SYSTEM32\BIOS1.ROM
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
• C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CICL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP10000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP20000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIPT0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIST0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\INDEX.000
• C:\PROGRAM FILES\PROJECT64 V1.5\SAVE\POKEMON STADIUM 2.FLA
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\MASTER.MDF
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\TEMPDB.MDF
• C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
• C:\I386\BIOS1.ROM
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\NTUSER.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_25C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_85C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_C80.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_CF4.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF3611.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF375A.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF5180.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF9A67.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFC063.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFCA08.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFE653.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFED28.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFF75E.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER3D95.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER26CC.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1C0F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER150F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1165.DIR00\FIREFOX.EXE.HDMP
• C:\Documents and Settings\PAWAN RASTOGI\Local Settings\Temp\Temporary Internet Files\Content.IE5\QLPE3EDC\aslmain[1].js\aslmain[1]
• C:\DOCUMENTS AND SETTINGS\PAWA$ ›
________________________________________
Options
Scanning engines:
• F-Secure Libra: 2.4.2, 2006-11-10
• F-Secure AVP: 7.0.171, 2006-11-10
• F-Secure Orion: 1.2.37, 2006-11-10
• F-Secure Blacklight: 1.0.31, 0000-00-00
• F-Secure Draco: 1.0.35, 0260-02-44
• F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
• Scan all files
• Scan inside archives
• Use Advanced heuristics
________________________________________
Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Pewan42 · Answer

Below is the report... thanks once again for all your help... i hope i did everything right this time...

Scanning Report
Friday, November 10, 2006 13:11:37 - 15:11:11
Computer name: PAWANRASTOGI
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
________________________________________
Result: 400 malware found
Adware.BHO(generic) (spyware)
• System
Backdoor.Win32.SdBot.aad (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C002D.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C002E.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04800000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00008.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00009.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00014.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00015.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980005.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980006.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980007.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0998000A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0998000B.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980010.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980011.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980016.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980017.VBN (Renamed & Submitted)
Email-Worm.Win32.Roron.4999.c (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C00000.VBN (Renamed & Submitted)
Exploit.HTML.Mht (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC0001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC0007.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC0010.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC0011.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC0012.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D5C0000.VBN (Renamed & Submitted)
Exploit.HTML.ObjData (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC0002.VBN (Renamed & Submitted)
Exploit.Java.ByteVerify (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC0006.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC000E.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02BC000F.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05AC0004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F00009.VBN (Renamed & Submitted)
Exploit.VBS.Phel.a (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05AC0000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05AC0005.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F00000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F00005.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F0000A.VBN (Renamed & Submitted)
Exploit.Win32.IMG-WMF (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\098C0000.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\098C0002.VBN (Submitted)
Net-Worm.Win32.Dedler.u (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01BC0000.VBN (Renamed & Submitted)
Packed.Win32.Klone.g (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\028C0000.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\028C0001.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\028C0002.VBN (Submitted)
Packed.Win32.Klone.k (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01800002.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01800004.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01800009.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0004.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0005.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0008.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0009.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0010.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0011.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0016.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0017.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00001.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00004.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00007.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900007.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900008.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900009.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00000.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00002.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00003.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00006.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00007.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00008.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC0000A.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC0000C.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC0000D.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00010.VBN (Submitted)
Password-protected-EXE (virus)
• C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer17.zip (Submitted)
• C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip (Submitted)
• C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip (Submitted)
• C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip (Submitted)
SpywareQuake (spyware)
• System
Tracking Cookie (spyware)
• System (Disinfected)
• System
• System (Submitted)
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
• System
Trojan-Clicker.Win32.VB.kc (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C0029.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C002A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C002B.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\045C002C.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00005.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00006.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00007.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00010.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00011.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00012.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B00013.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F80000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980008.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980009.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0998000C.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0998000D.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0998000E.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0998000F.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980012.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09980013.VBN (Renamed & Submitted)

Pewan42 · Answer

• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900005.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900006.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D90000A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00005.VBN (Renamed & Submitted)
Trojan.Win32.Runner.h (virus)
• C:\windows\Temp\B3D24.tmp\Quicklinks.exe
Trojan.Win32.StartPage.aw (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B740000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000B.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000C.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000D.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000E.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000F.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380010.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380011.VBN (Renamed & Submitted)
Trojan.Win32.Starter.a (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01880000.VBN (Renamed & Submitted)
W32/Stration.OT@mm (virus)
• C:\windows\system32\kxihlvyg.exe (Submitted)
Win32.Trojandownloader.Zlob (spyware)
• System
not-virus:Hoax.Win32.Renos.cc (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN (Submitted)
not-virus:Hoax.Win32.Renos.dv (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN (Submitted)
________________________________________
Statistics
Scanned:
• Files: 463609
• System: 4798
• Not scanned: 457
Actions:
• Disinfected: 1
• Renamed: 313
• Deleted: 0
• None: 86
• Submitted: 355
Files not scanned:
x • x • _6B4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6CC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6EC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6FC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_750.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_790.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_7A4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_BDC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E74.DAT
• C:\WINDOWS\SYSTEM32\BIOS1.ROM
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
• C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CICL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP10000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP20000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIPT0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIST0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\INDEX.000
• C:\PROGRAM FILES\PROJECT64 V1.5\SAVE\POKEMON STADIUM 2.FLA
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\MASTER.MDF
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\TEMPDB.MDF
• C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
• C:\I386\BIOS1.ROM
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\NTUSER.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_25C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_85C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_C80.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_CF4.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF3611.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF375A.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF5180.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF9A67.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFC063.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFCA08.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFE653.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFED28.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFF75E.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER3D95.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER26CC.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1C0F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER150F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1165.DIR00\FIREFOX.EXE.HDMP
• C:\Documents and Settings\PAWAN RASTO_î ¬

• C:\HIBERFIL.SYS
• C:\PAGEFILE.SYS
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_174.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_1C4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_43C.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_5F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_630.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_67C.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6B0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6B4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6CC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6EC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6FC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_750.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_790.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_7A4.DAT° i C x • Z¤ \TEMP\PERFLIB_PERFDATA_BDC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E74.DAT
• C:\WINDOWS\SYSTEM32\BIOS1.ROM
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
• C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CICL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP10000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP20000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIPT0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIST0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\INDEX.000
• C:\PROGRAM FILES\PROJECT64 V1.5\SAVE\POKEMON STADIUM 2.FLA
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\MASTER.MDF
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\TEMPDB.MDF
• C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
• C:\I386\BIOS1.ROM
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\NTUSER.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_25C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_85C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_C80.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_CF4.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF3611.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF375A.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF5180.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF9A67.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFC063.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFCA08.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFE653.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFED28.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFF75E.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER3D95.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER26CC.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1C0F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER150F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1165.DIR00\FIREFOX.EXE.HDMP
• C:\Documents and Settings\PAWAN RASTOGI\Local Settings\Temp\Temporary Internet Files\Content.IE5\QLPE3EDC\aslmain[1].js\aslmain[1]
• C:\DOCUMENTS AND SETTINGS\PAWA$ ›
________________________________________
Options
Scanning engines:
• F-Secure Libra: 2.4.2, 2006-11-10
• F-Secure AVP: 7.0.171, 2006-11-10
• F-Secure Orion: 1.2.37, 2006-11-10
• F-Secure Blacklight: 1.0.31, 0000-00-00
• F-Secure Draco: 1.0.35, 0260-02-44
• F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
• Scan all files
• Scan inside archives
• Use Advanced heuristics
________________________________________
Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Pewan42 · Answer

• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900005.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900006.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D90000A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00001.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00004.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00005.VBN (Renamed & Submitted)
Trojan.Win32.Runner.h (virus)
• C:\windows\Temp\B3D24.tmp\Quicklinks.exe
Trojan.Win32.StartPage.aw (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B740000.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380002.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380003.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000A.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000B.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000C.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000D.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000E.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C38000F.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380010.VBN (Renamed & Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380011.VBN (Renamed & Submitted)
Trojan.Win32.Starter.a (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01880000.VBN (Renamed & Submitted)
W32/Stration.OT@mm (virus)
• C:\windows\system32\kxihlvyg.exe (Submitted)
Win32.Trojandownloader.Zlob (spyware)
• System
not-virus:Hoax.Win32.Renos.cc (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN (Submitted)
not-virus:Hoax.Win32.Renos.dv (virus)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN (Submitted)
• C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN (Submitted)
________________________________________
Statistics
Scanned:
• Files: 463609
• System: 4798
• Not scanned: 457
Actions:
• Disinfected: 1
• Renamed: 313
• Deleted: 0
• None: 86
• Submitted: 355
Files not scanned:
x • x • _6B4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6CC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6EC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6FC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_750.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_790.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_7A4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_BDC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E74.DAT
• C:\WINDOWS\SYSTEM32\BIOS1.ROM
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
• C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CICL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP10000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP20000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIPT0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIST0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\INDEX.000
• C:\PROGRAM FILES\PROJECT64 V1.5\SAVE\POKEMON STADIUM 2.FLA
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\MASTER.MDF
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\TEMPDB.MDF
• C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
• C:\I386\BIOS1.ROM
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\NTUSER.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_25C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_85C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_C80.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_CF4.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF3611.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF375A.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF5180.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF9A67.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFC063.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFCA08.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFE653.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFED28.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFF75E.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER3D95.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER26CC.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1C0F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER150F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1165.DIR00\FIREFOX.EXE.HDMP
• C:\Documents and Settings\PAWAN RASTO_î ¬

• C:\HIBERFIL.SYS
• C:\PAGEFILE.SYS
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_174.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_1C4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_43C.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_5F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_630.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_67C.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6B0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6B4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6CC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6EC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F0.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6F4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_6FC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_750.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_790.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_7A4.DAT° i C x • Z¤ \TEMP\PERFLIB_PERFDATA_BDC.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E4.DAT
• C:\WINDOWS\TEMP\PERFLIB_PERFDATA_E74.DAT
• C:\WINDOWS\SYSTEM32\BIOS1.ROM
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
• C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CICL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP10000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIP20000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIPT0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISL0001.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CISP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIST0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.000
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\CIVP0000.002
• C:\SYSTEM VOLUME INFORMATION\CATALOG.WCI\INDEX.000
• C:\PROGRAM FILES\PROJECT64 V1.5\SAVE\POKEMON STADIUM 2.FLA
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\MASTER.MDF
• C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL$MICROSOFTBCM\DATA\TEMPDB.MDF
• C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
• C:\I386\BIOS1.ROM
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\NTUSER.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_25C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_85C.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_C80.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_CF4.DAT
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF3611.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF375A.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF5180.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DF9A67.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFC063.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFCA08.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFE653.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFED28.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\~DFF75E.TMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER3D95.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER26CC.DIR00\FIREFOX.EXE.MDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1C0F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER150F.DIR00\FIREFOX.EXE.HDMP
• C:\DOCUMENTS AND SETTINGS\PAWAN RASTOGI\LOCAL SETTINGS\TEMP\WER1165.DIR00\FIREFOX.EXE.HDMP
• C:\Documents and Settings\PAWAN RASTOGI\Local Settings\Temp\Temporary Internet Files\Content.IE5\QLPE3EDC\aslmain[1].js\aslmain[1]
• C:\DOCUMENTS AND SETTINGS\PAWA$ ›
________________________________________
Options
Scanning engines:
• F-Secure Libra: 2.4.2, 2006-11-10
• F-Secure AVP: 7.0.171, 2006-11-10
• F-Secure Orion: 1.2.37, 2006-11-10
• F-Secure Blacklight: 1.0.31, 0000-00-00
• F-Secure Draco: 1.0.35, 0260-02-44
• F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
• Scan all files
• Scan inside archives
• Use Advanced heuristics
________________________________________
Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

1972vet · Answer

You can open your Norton quarantine section and delete everything in there. How's the computer running now? Please post a new HijackThis log. Thanks!

Pewan42 · Answer

Below is the HijackThis Log... I still get some popups though... a few less than before though. The other thing is that every time I open a folder from my desktop, or surf the internet using IE, Norton pops up with a message about that VSAdd-in.dll file (I don't think that the file name I have written is correct, but I hope you understand what I mean. It keeps saying that its found a threat, but cannot successfully quarantine/delete it...

Thanks for your help though...tell me if there's anything else I should do...

Logfile of HijackThis v1.99.1
Scan saved at 2:49:13 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PAWAN RASTOGI\Desktop\SpyWare Arsenal\Hijack\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\PAWAN RASTOGI\Desktop\SpyWare Arsenal\Hijack\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133799012209
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

1972vet · Answer

Quote: I still get some popups though... a few less than before though. Please describe the popups you are still getting. What are they telling you? You should open your HijackThis application and click on the backups to delete the entry we removed for the VSAdd-in.dll: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll Also, open Norton antivirus and delete the quarantined items. Please download Ad-Aware SE Personal Edition 1.06 and install it. If you already have version 1.06, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06. 1) Run Ad-Aware, and click Check for updates now. 2) Select Configurations (click the Gear wheel at the top) as follows: General Button > Safety & Settings: Check (Green) all three. Tweak Button > Cleaning Engine > UNcheck 'Always try to unload modules before deletion'. Click Proceed. 3) To start the scan, Click > 'Scan Now' at left Deselect 'Search for negligible risk entries' as negligible risk entries (MRU's) are not considered to be a threat. Select 'Search for low-risk threats' Select 'Perform full system scan' Click Next 4) When the scan has completed, select Next. In the Scanning Results window, select the 'Critical Objects' tab. Right-click on the screen and choose 'Select all objects' Click Next to remove the infections found, and click OK to the prompt. Restart the computer. Please download 'Spybot search and destroy' After installation, Go to Start > Programs >Spybot - Search & Destroy and when the program opens, click on the mode tab at the top left of the application window and select 'advanced'. Then click on Tools. In the menu on the left hand side you will see Resident, click there then in the right pane under 'resident protection status' put a check mark in the box next to 'resident SD helper (Internet explorer bad download blocker). Close ALL windows except Spybot S&D. Click the button to Search for Updates and download and install the Updates. When the updates complete, please click 'immunize' from the menu on the left. Then in the right pane click the +immunize button. Next click the 'Search and Destroy' button from the left pane menu then click the 'check for Problems' button in the right pane. Spybot will now scan your computer and display in the 'problem' window any bad programs it finds. When the scan completes, it may show red, black, and green entries. Please put a check mark next to all the RED entries and click 'fix selected problems'. When finished, close the application. Download and scan with AVG Anti-Spyware v7.5 ( This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special 'clean driver' for removing persistent malware) After download, double click on the file to launch the install process. Choose a language, click 'OK' and then click 'Next'. Read the 'License Agreement' and click 'I Agree'. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click 'Next', then click 'Install'. After setup completes, click 'Finish' to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray. The main 'Status' menu will appear. Select 'Change state' to inactivate 'Resident Shield' and 'Automatic Updates'. Then right click on AVG Anti-Spyware in the system tray and uncheck 'Start with Windows'. Go to Start > Run and type: services.msc Press 'OK'. Click the 'Extended tab' and scroll down the list to find AVG Anti-Spyware guard. When you find the guard service, double-click on it. In the Properties Window > General Tab that opens, click the 'Stop' button. From the drop-down menu next to 'Startup Type', click on 'Manual'. Now click 'Apply', then 'OK' and close the Services window. Select the 'Update' button and click 'Start update'. Wait until you see the 'Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Once the updates are installed do the following: Click on the ' Scanner' button and choose the ' Settings' tab. Under 'How to act?', click on 'Recommended actions' and choose 'Quarantine' to set default action for detected malware. Under 'How to Scan?' check all (default). Under 'Possibly unwanted software' check all (default). Under 'What to Scan?' make sure 'Scan every file' is selected (default). Under 'Reports' select 'Automatically generate report after every scan' and UNcheck 'Only if threats were found'. Close the application and reboot the computer into Safe mode. Once in safe mode continue with the instructions below: Open the AVG Anti-Spyware application and click the ' Scan' tab. Click ' Complete System Scan' to start. Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are 'protected' by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection. Note: If AVG Anti-Spyware 'crashes' or 'hangs' during the scan, try scanning again by doing this: Scan one sector of the system at a time by using the 'Custom Scan' feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on 'Start Scan'. When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick 'Scan in NTFS Alternate Data Streams'. Then repeat the steps above for performing a Custom Scan. When the scan has finished you will be presented with a list of infected objects found. Click ' Apply all actions' to place the files in Quarantine. IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate ' No action taken', making it more difficult to interpret the report. So be sure you save it only AFTER clicking the 'Apply all actions' button? Click on ' Save Report' to view all completed scans. Click on the most recent scan you just performed and select ' Save report as' - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\ Exit AVG Anti-Spyware when done. Reboot back to your normal user mode and post the contents of the AVG Anti-spyware scan log.

Virus & Spyware

Computer Problems...here's my log...please help!

Was this post helpful?