06-29-2008, 09:21 AM   #21 (permalink)
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,476
OS: 2000 Pro; XP Pro; XP Home

Re: CiD Popups

These are mostly annoying adware, though it's never a bad idea to change passwords of online accounts after an infection.

There is more work to do...

Perform these steps from your usual account.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009

06-30-2008, 11:57 AM   #22 (permalink)
ruperteel (Registered User)
Join Date: Jun 2008
Posts: 26
OS: XP Service pack 3

Re: CiD Popups

Hi,
I tried the first step on your reply (which doesn't appear in the thread) but I couldn't uninstall the old version of Java.
I got the message:
Error 1327. Invalid Drive: F:\
Then
Fatal Error During Installation.
I searched the Sun website and found an article title from 2004 which mentioned this but I wasn't allowed to access it.
06-30-2008, 11:58 AM   #23 (permalink)
ruperteel (Registered User)

Re: CiD Popups

Actually just seen your reply to my previous post. I didn't realise there was a page 2!
06-30-2008, 12:09 PM   #24 (permalink)
tetonbob

Re: CiD Popups

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
regedit /a look.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
start notepad look.txt
Save this as peek.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Copy that information into your next reply, please.
06-30-2008, 03:42 PM   #25 (permalink)
ruperteel (Registered User)

Re: CiD Popups

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\\Documents and Settings\\Peter\\Application Data"
"Cookies"=""
"Desktop"="C:\\Documents and Settings\\Peter\\Desktop"
"Favorites"=""
"NetHood"="C:\\Documents and Settings\\Peter\\NetHood"
"Personal"="C:\\Documents and Settings\\Peter\\My Documents"
"PrintHood"="C:\\Documents and Settings\\Peter\\PrintHood"
"Recent"="C:\\Documents and Settings\\Peter\\Recent"
"SendTo"="C:\\Documents and Settings\\Peter\\SendTo"
"Start Menu"="C:\\Documents and Settings\\Peter\\Start Menu"
"Templates"="C:\\Documents and Settings\\Peter\\Templates"
"Programs"="C:\\Documents and Settings\\Peter\\Start Menu\\Programs"
"Startup"="C:\\Documents and Settings\\Peter\\Start Menu\\Programs\\Startup"
"Local Settings"="C:\\Documents and Settings\\Peter\\Local Settings"
"Local AppData"="C:\\Documents and Settings\\Peter\\Local Settings\\Application Data"
"Cache"=""
"History"=""
"My Pictures"="C:\\Documents and Settings\\Peter\\My Documents\\My Pictures"
"Fonts"="C:\\WINDOWS\\Fonts"
"My Music"="C:\\Documents and Settings\\Peter\\My Documents\\My Music"
"CD Burning"="C:\\Documents and Settings\\Peter\\Local Settings\\Application Data\\Microsoft\\CD Burning"
"My Video"="C:\\Documents and Settings\\Peter\\My Documents\\My Videos"
"Administrative Tools"=""
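
The check being made with the Shell Folders export above, as an added example that is not part of the original thread: parse a REGEDIT4 export and list any string value that sits on the drive named in the Error 1327 message, plus any empty values. The sample export is constructed in the posted format with one hypothetical F:\ entry, and the function names are this example's own.

```python
import re

# Constructed sample in the REGEDIT4 format shown in post #25. The "Personal"
# entry on F:\ is hypothetical, added so the drive check has something to find.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\\Documents and Settings\\Peter\\Application Data"
"Cookies"=""
"Personal"="F:\\My Documents"
"Fonts"="C:\\WINDOWS\\Fonts"
'''

KEY_LINE = re.compile(r'^\[(.+)\]$')
# "name"="value" (or @="value" for the default value), with backslash escapes.
# Non-string data such as dword: or hex: does not match and is skipped.
STRING_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    # Undo .reg escaping: a backslash followed by any character yields that character.
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_value}} from a REGEDIT4 export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = STRING_LINE.match(line)
        if m and current is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else "(Default)"
            current[name] = _unescape(m.group(2))
    return keys


def drive_from_error(message):
    """Extract the drive letter from an 'Invalid Drive: X:' installer message."""
    m = re.search(r'Invalid Drive:\s*([A-Za-z]):', message)
    return m.group(1).upper() if m else None


def values_on_drive(keys, letter):
    """List (key, name, value) for string values whose path starts on that drive."""
    prefix = letter.upper() + ":"
    return [(k, n, v) for k, vals in keys.items() for n, v in vals.items()
            if v.upper().startswith(prefix)]


def empty_values(keys):
    """List (key, name) for string values that are set but empty."""
    return [(k, n) for k, vals in keys.items() for n, v in vals.items() if v == ""]


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    drive = drive_from_error("Error 1327. Invalid Drive: F:\\")
    for key, name, value in values_on_drive(parsed, drive):
        print(f"on {drive}: {name} = {value}")
    for key, name in empty_values(parsed):
        print(f"empty: {name}")
```

Run against the export posted above, the drive check returns nothing, since every non-empty value there is on C:. That export covers only this one HKEY_CURRENT_USER key, so a clean result says nothing about other keys.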
06-30-2008, 06:09 PM   #26 (permalink)
tetonbob

Re: CiD Popups

That's a dry well...let's try this instead.

Download the Windows Installer CleanUp Utility
Locate and run msicuu2.exe to install the Windows Installer CleanUp Utility.
Locate and launch the Windows Installer CleanUp Utility on the Start menu.
From the Windows Installer CleanUp Utility window, locate Java 2 Runtime Environment, SE v1.4.2_03 in the list and click the Remove button.
Once Java 2 Runtime Environment, SE v1.4.2_03 has been removed, click the Exit button to close the utility.

Let me know....
07-01-2008, 02:45 AM   #27 (permalink)
ruperteel (Registered User)

Re: CiD Popups

Hi, The link didn't work.
07-01-2008, 08:14 AM   #28 (permalink)
tetonbob

Re: CiD Popups

The link works for me...do you mean the process didn't help you uninstall the old java? If so, forgo that for now. Install the new java, and perform the online scan.
07-01-2008, 01:50 PM   #29 (permalink)
ruperteel (Registered User)

Re: CiD Popups

This time I managed to download msicuu2.exe but when I ran it from the desktop to install I got the same error message as when I tried to uninstall Java from Add/Remove Programs - "Error 1327. Invalid Drive: F:\" followed by "Installation ended prematurely because of an error"
What now?
07-01-2008, 02:31 PM   #30 (permalink)
tetonbob

Re: CiD Popups

Install the new java, and perform the online scan.

If Java won't install, perform the online scan, and we'll come back to the Java issue.
07-05-2008, 04:42 AM   #31 (permalink)
ruperteel (Registered User)

Re: CiD Popups

Hi, I finally got the Kaspersky scan done. Log below followed by Hijack This log. Java 6 installed ok. I tried uninstalling Java 1 again but the same error message came up.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 05, 2008 8:26:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/07/2008
Kaspersky Anti-Virus database records: 913396
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 181369
Number of viruses found: 12
Number of infected objects: 46
Number of suspicious objects: 0
Duration of the scan process: 04:42:37

Infected Object Name / Virus Name / Last Action
C:\6881f394ee77952632\msxml4-KB927978-enu.log Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Peter\LOCALS~1\Temp\sta1A.exe Infected: Trojan.Win32.Obfuscated.dqy skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\073ef2cc89745b4f76730d37910db133_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17ff3a68ad2e6c175dca10277d15412c_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48bb47dba9537dbc913e3a9e662fedb1_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e82454a64d61b3f7bbf172af388d6f3_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ec83bdbeaf2b154c1f2bc7293f12024_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c267bf9cdd2c1e79f8b72d55292757a_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c515d621e46846a32c6e5ad218b1468_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d0d93e726fa5c0747705c716dc30e1b_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ac51b3a45b29b3ac30ba0a21ce61271_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: infected - 6 skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx/[From postman@ftd.de][Date Mon, 26 Dec 2005 21:40:59 GMT]/UNNAMED/mail_body.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx/[From postman@ftd.de][Date Mon, 26 Dec 2005 21:40:59 GMT]/UNNAMED/mail_body.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx/[From postman@ftd.de][Date Mon, 26 Dec 2005 21:40:59 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx MailMSOutlook5: infected - 3 skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/UNNAMED/SaveUninst.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/UNNAMED/SaveUninst.zip Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: infected - 3 skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Store.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/SaveUninst.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Store.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/SaveUninst.zip Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Store.dbx MailMSOutlook5: infected - 2 skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\EPOCLOG.001 Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Peter\ntuser.dat.LOG Object is locked skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0016.BIN Infected: Trojan-Dropper.Win32.Small.jh skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0024.BIN Infected: Trojan-Downloader.Win32.Wren.d skipped
C:\Peta\Zaloha\Download\nature3d.exe WiseSFX: infected - 4 skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Idle bind itch live\upload anti.exe.vir Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\QooBox\Quarantine\C\Documents and Settings\Peter\Application Data\Live admin list\baseforkhelp.exe.vir Infected: Trojan.Win32.Obfuscated.ddk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Peter\Application Data\Live admin list\bleh amen open cake.exe.vir Infected: Trojan.Win32.Inject.dbr skipped
C:\QooBox\Quarantine\C\Documents and Settings\Peter\Application Data\Live admin list\fqfiqbeu.exe.vir Infected: Trojan.Win32.Obfuscated.deb skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yATjiFYQ.dll.vir Infected: Trojan.Win32.Monderc.gen skipped
C:\sti.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP650\A0132355.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP657\A0134636.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP660\A0134882.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP661\A0134908.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP662\A0134927.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP662\A0134942.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP662\A0134960.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP663\A0134973.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP663\A0134993.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP663\A0135045.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135059.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135064.exe Infected: Trojan.Win32.Obfuscated.ddk skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135065.exe Infected: Trojan.Win32.Inject.dbr skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135067.exe Infected: Trojan.Win32.Obfuscated.deb skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135068.exe Infected: Trojan.Win32.Obfuscated.dqy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135069.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135070.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP670\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_iFPy5dWoUZT8KdU Object is locked skipped
C:\WINDOWS\Temp\mcmsc_iG4QgdVsQqG67GW Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process complete
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED/mailtext.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: infected - 6 skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx/[From postman@ftd.de][Date Mon, 26 Dec 2005 21:40:59 GMT]/UNNAMED/mail_body.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx/[From postman@ftd.de][Date Mon, 26 Dec 2005 21:40:59 GMT]/UNNAMED/mail_body.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx/[From postman@ftd.de][Date Mon, 26 Dec 2005 21:40:59 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx MailMSOutlook5: infected - 3 skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/UNNAMED/SaveUninst.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/UNNAMED/SaveUninst.zip Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: infected - 3 skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Store.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/SaveUninst.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Store.dbx/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]/SaveUninst.zip Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Store.dbx MailMSOutlook5: infected - 2 skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\EPOCLOG.001 Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Peter\ntuser.dat.LOG Object is locked skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0016.BIN Infected: Trojan-Dropper.Win32.Small.jh skipped
C:\Peta\Zaloha\Download\nature3d.exe/WISE0024.BIN Infected: Trojan-Downloader.Win32.Wren.d skipped
C:\Peta\Zaloha\Download\nature3d.exe WiseSFX: infected - 4 skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Idle bind itch live\upload anti.exe.vir Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\QooBox\Quarantine\C\Documents and Settings\Peter\Application Data\Live admin list\baseforkhelp.exe.vir Infected: Trojan.Win32.Obfuscated.ddk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Peter\Application Data\Live admin list\bleh amen open cake.exe.vir Infected: Trojan.Win32.Inject.dbr skipped
C:\QooBox\Quarantine\C\Documents and Settings\Peter\Application Data\Live admin list\fqfiqbeu.exe.vir Infected: Trojan.Win32.Obfuscated.deb skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yATjiFYQ.dll.vir Infected: Trojan.Win32.Monderc.gen skipped
C:\sti.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP650\A0132355.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP657\A0134636.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP660\A0134882.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP661\A0134908.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP662\A0134927.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP662\A0134942.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP662\A0134960.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP663\A0134973.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP663\A0134993.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP663\A0135045.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135059.exe Infected: Trojan-Downloader.Win32.Injecter.aaf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135064.exe Infected: Trojan.Win32.Obfuscated.ddk skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135065.exe Infected: Trojan.Win32.Inject.dbr skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135067.exe Infected: Trojan.Win32.Obfuscated.deb skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135068.exe Infected: Trojan.Win32.Obfuscated.dqy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135069.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP664\A0135070.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP670\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_iFPy5dWoUZT8KdU Object is locked skipped
C:\WINDOWS\Temp\mcmsc_iG4QgdVsQqG67GW Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HIJACK THIS LOG;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:39, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1982579309-3577282387-4139821508-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1982579309-3577282387-4139821508-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1982579309-3577282387-4139821508-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe....vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

--
End of file - 10777 bytes
ruperteel is offline  
Old 07-05-2008, 08:57 AM   #32 (permalink)
tetonbob


Re: CiD Popups

The Java uninstall issue may be due to the fact that there's a previously mapped drive in its install/uninstall routine.

http://consumerdocs.installshield.co...0636&sliceId=1

It may be present in one of these keys...

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
@echo off

rem Remove output left over from a previous run.
If exist show.txt del /s/q show.txt
If exist peek*.txt del /s/q peek*.txt

rem Export the three Shell Folders keys as REGEDIT4 (ANSI) text.
regedit /a peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
regedit /a peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
regedit /a peek3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

rem Combine the exports into show.txt and open it in Notepad.
type peek*.txt>>show.txt
del peek*.txt
start notepad show.txt

Save this as peek.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Copy that information into your next reply, please.

==============================

Kaspersky has identified some older emails as threats.

C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx
/[From webmaster@acon.com.au][Date Thu, 15 Dec 2005 18:14:43 UTC]

C:\Documents and Settings\Marta\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx
/[From postman@ftd.de][Date Mon, 26 Dec 2005 21:40:59 GMT]

C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx
/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]

C:\Documents and Settings\Peter\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Store.dbx
/[From "information" <information@whenumail.com>][Date Tue, 9 Mar 2004 13:18:51 -0500]

==============================


This file has been identified as a trojan dropper/downloader, and should be deleted:

C:\Peta\Zaloha\Download\nature3d.exe

==============================

The other items found by Kaspersky are in quarantine or backup locations. We'll remove them at the end of this procedure.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-05-2008, 12:40 PM   #33 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 26
OS: XP Service pack 3


Re: CiD Popups

Results from Peek.bat;


REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\\Documents and Settings\\Peter\\Application Data"
"Cookies"=""
"Desktop"="C:\\Documents and Settings\\Peter\\Desktop"
"Favorites"=""
"NetHood"="C:\\Documents and Settings\\Peter\\NetHood"
"Personal"="C:\\Documents and Settings\\Peter\\My Documents"
"PrintHood"="C:\\Documents and Settings\\Peter\\PrintHood"
"Recent"="C:\\Documents and Settings\\Peter\\Recent"
"SendTo"="C:\\Documents and Settings\\Peter\\SendTo"
"Start Menu"="C:\\Documents and Settings\\Peter\\Start Menu"
"Templates"="C:\\Documents and Settings\\Peter\\Templates"
"Programs"="C:\\Documents and Settings\\Peter\\Start Menu\\Programs"
"Startup"="C:\\Documents and Settings\\Peter\\Start Menu\\Programs\\Startup"
"Local Settings"="C:\\Documents and Settings\\Peter\\Local Settings"
"Local AppData"="C:\\Documents and Settings\\Peter\\Local Settings\\Application Data"
"Cache"=""
"History"=""
"My Pictures"="C:\\Documents and Settings\\Peter\\My Documents\\My Pictures"
"Fonts"="C:\\WINDOWS\\Fonts"
"My Music"="C:\\Documents and Settings\\Peter\\My Documents\\My Music"
"CD Burning"="C:\\Documents and Settings\\Peter\\Local Settings\\Application Data\\Microsoft\\CD Burning"
"My Video"="C:\\Documents and Settings\\Peter\\My Documents\\My Videos"
"Administrative Tools"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData"="C:\\Documents and Settings\\All Users\\Application Data"
"Common Programs"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs"
"Common Documents"="C:\\Documents and Settings\\All Users\\Documents"
"Common Desktop"="C:\\Documents and Settings\\All Users\\Desktop"
"Common Start Menu"="C:\\Documents and Settings\\All Users\\Start Menu"
"CommonPictures"="C:\\Documents and Settings\\All Users\\Documents\\My Pictures"
"CommonMusic"="C:\\Documents and Settings\\All Users\\Documents\\My Music"
"CommonVideo"="C:\\Documents and Settings\\All Users\\Documents\\My Videos"
"Common Favorites"="C:\\Documents and Settings\\All Users\\Favorites"
"Common Startup"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup"
"Common Templates"="C:\\Documents and Settings\\All Users\\Templates"
"Common Administrative Tools"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Administrative Tools"
"Personal"="C:\\WINDOWS\\system32\\config\\systemprofile\\My Documents\\"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,5c,\
44,65,73,6b,74,6f,70,00
"Common Start Menu"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,\
5c,53,74,61,72,74,20,4d,65,6e,75,00
"Common Programs"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,5c,\
53,74,61,72,74,20,4d,65,6e,75,5c,50,72,6f,67,72,61,6d,73,00
"Common Startup"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,5c,\
53,74,61,72,74,20,4d,65,6e,75,5c,50,72,6f,67,72,61,6d,73,5c,53,74,61,72,74,\
75,70,00
"Common AppData"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,5c,\
41,70,70,6c,69,63,61,74,69,6f,6e,20,44,61,74,61,00
"Common Templates"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,\
5c,54,65,6d,70,6c,61,74,65,73,00
"Common Favorites"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,\
5c,46,61,76,6f,72,69,74,65,73,00
"Common Documents"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,\
5c,44,6f,63,75,6d,65,6e,74,73,00
ruperteel is offline  
Old 07-05-2008, 12:54 PM   #34 (permalink)
tetonbob


Re: CiD Popups

Did you previously have installed another drive on this machine? USB stick, external hdd, second internal hdd?
Old 07-06-2008, 05:17 AM   #35 (permalink)


Re: CiD Popups

I do occasionally connect USB sticks for podcasts and I back up to an occasionally connected external HDD.
My theory is that drive F: refers to the network drive at Dell when they configured my machine before despatching it. What do you think?
ruperteel is offline  
Old 07-06-2008, 10:07 AM   #36 (permalink)
tetonbob


Re: CiD Popups

I think it's more likely that the F:\ refers to one of the drives you've had attached, though I wouldn't be surprised if your theory were true.

See if this little tool helps with the uninstall.
  • Download JavaRa.Zip from either of these two sites:

    http://prm753.bchea.org/click/click.php?id=9
    http://www.majorgeeks.com/JavaRa_d5967.html

  • Save it to your Desktop.
  • Unzip the download. This will create a new Folder, JavaRa on your Desktop.
  • Double click this new Folder to open it, then double click JavaRa.exe to execute the program.
  • Click the button "Remove Older Versions".
  • Agree to the cleanup operation by clicking "Yes". After a moment, a notice will appear that a log file has been produced. Click OK. Close the Notepad file that opens.
  • Click the button "Other Tasks". Choose these options:
    • Remove Useless JRE Files
    • Open JavaRa Logfile
  • Click Go. When it finishes, click OK to close the panel. A logfile will open. Please post the contents of that log in your next reply.
  • Exit the program.
  • Delete JavaRa.Zip, and the unzipped JavaRa folder. We're done with it now.
Old 07-06-2008, 11:22 AM   #37 (permalink)


Re: CiD Popups

JavaRa 1.08 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Jul 06 18:20:15 2008

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

------------------------------------

Finished reporting.
ruperteel is offline  
Old 07-06-2008, 11:59 AM   #38 (permalink)
tetonbob


Re: CiD Popups

Is the old Java still in the Add or Remove Programs list? If so, what happens if you click on Remove?
Old 07-06-2008, 12:53 PM   #39 (permalink)


Re: CiD Popups

It is still there (136MB) but there is no option to remove it!
ruperteel is offline  
Old 07-06-2008, 01:00 PM   #40 (permalink)
tetonbob


Re: CiD Popups

It's doubtful that it's still installed. More likely a remnant on the Add or Remove applet.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Highlight the following entries if present, then click "Delete"
    • Java 2 Runtime Environment, SE v1.4.2_03
  • When it asks if you are sure, click "Yes"

This folder should already have been removed. Let me know if it exists still:

C:\Program Files\Java\j2re1.4.2_03