Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

shinwow.bh buried in java cache files [RESOLVED]

Started by micha , Apr 13 2008 05:34 AM

This topic is locked

#16
micha

Posted 17 April 2008 - 07:48 PM

Member

Topic Starter
Member
24 posts

File/Folder not found.
File/Folder not found.
File/Folder CODE not found.
File/Folder c:\Documents and Settings\default user\application data\Sun\Java\deployment\cache\6.0\56\3c28cc78-369889c4 not found.
File/Folder c:\Documents and Settings\Default User\application data\Sun\Java\Deployment\cache\javapi \v1.0\jar\eRT.jar-27406485-620c90b7.zip not found.
File/Folder c:\documentsand settings\owner\application data\sun\java\deployment\cache\6.0\56\3c28cc78-36989c4 not found.
File/Folder c:\documents and settings\owner\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar27406485-620c90b7.zip not found.
c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 moved successfully.
File/Folder c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c907b7.zip not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04172008_213911

#17
greyknight17

Posted 17 April 2008 - 08:44 PM

Malware Expert

Visiting Consultant
16,560 posts

Does CA still detect those entries?

Try the following:

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

#18
micha

Posted 17 April 2008 - 11:24 PM

Member

Topic Starter
Member
24 posts

ran a scan to see what CA was showing after using the OTMoveIt2.exe...
(thanx to your explanation of how to send a scan...well I at least learned to send u a scan...rofl)
HOPE THIS HELPS?

#19
greyknight17

Posted 18 April 2008 - 06:03 PM

Malware Expert

Visiting Consultant
16,560 posts

Do the below again:
Go to http://www.java.com/.../5000020300.xml and see how to clear your Java cache or follow the instructions below:

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).

- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click OK on Delete Temporary Files window (Note: This deletes ALL the Downloaded Java Applications and Applets from the CACHE.)
- Click OK to leave the Java Control Panel.

Then uninstall all Java related programs in your Add/Remove Programs panel and restart your computer. Go back to those 5 locations and see if you can see their Java folders (no need to go in that deep, just stop after the ....Sun\Java if found). If found, delete all the folders found (I think 4 different ones since two of them share a folder there).

If something was found, restart your computer first and then install Java back. Otherwise if nothing is found, try installing Java back. Run CA and check for any updates. Then run a scan again to see if it still finds those 5 entries.

#20
micha

Posted 18 April 2008 - 06:33 PM

Member

Topic Starter
Member
24 posts

question?
where do I go to get JAVA for reinstallation???
Is there a www. or something???

#21
greyknight17

Posted 18 April 2008 - 06:44 PM

Malware Expert

Visiting Consultant
16,560 posts

See if you can download it here.

#22
micha

Posted 18 April 2008 - 10:30 PM

Member

Topic Starter
Member
24 posts

Well, if you remember that we went from 6 to 5 viruses, and lost another one to OTMoveIt2.exe, we now have 4...right?
were at least making headway, slow headway, but it's something...rofl
Thank you for your guidance and patience, it is greatly appreciated!!!

Started scanning at 4/17/2008 11:34:25 PM. Engine Ver: 31.1.0. Sig Ver:5708. Sig Date: 4/18/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond30.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041720080418\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_3c8.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2792.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF33CF.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF47A7.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6D80.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFF04C.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP5\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.

Files Scanned: 360759
Files Infected: 5
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/18/2008 1:12:45 AM.

Started scanning at 4/18/2008 7:16:41 AM. Engine Ver: 31.1.0. Sig Ver:5709. Sig Date: 4/18/2008. ArcLib Ver: 7.3.0.9.

Files Scanned: 3205
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Finished scanning at 4/18/2008 7:19:18 AM.

Started scanning at 4/18/2008 7:20:03 AM. Engine Ver: 31.1.0. Sig Ver:5709. Sig Date: 4/18/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond2F.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041820080419\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_2ec.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF3305.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF3B8E.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFC7A5.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE68A.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFF4FB.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.

Files Scanned: 57586
Files Infected: 3
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 3

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Scanning aborted at 4/18/2008 7:39:12 AM.

Started scanning at 4/18/2008 10:18:50 PM. Engine Ver: 31.1.0. Sig Ver:5714. Sig Date: 4/19/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond61.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041820080419\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_33c.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF43F7.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6176.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6368.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF9515.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP8\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.

Files Scanned: 363367
Files Infected: 5
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/19/2008 12:13:41 AM.

#23
greyknight17

Posted 19 April 2008 - 02:26 PM

Malware Expert

Visiting Consultant
16,560 posts

These have to exist since it's found by the scanner....let's try this again:

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#24
micha

Posted 19 April 2008 - 06:10 PM

Member

Topic Starter
Member
24 posts

Holy Sh**...omg, I'm almost beyond geeked to run an exam...
I'll do a scan thru CA and see if anything appears as infected...brb...I'll send anew reply with CA scan results...

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 moved successfully.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip moved successfully.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip moved successfully.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04192008_200620

#25
greyknight17

Posted 19 April 2008 - 06:31 PM

Malware Expert

Visiting Consultant
16,560 posts

Finally got rid of the beast....don't know why it didn't work the first time around. Hopefully, CA will now find it squeaky clean

#26
micha

Posted 19 April 2008 - 08:47 PM

Member

Topic Starter
Member
24 posts

Everything is in OTMoveIt.exe...so now hjow do I delete these 'moveit virus trapped files'???

I am so ecstatic, that these virus are missing from CA scans...I feel like that crazy lil woman in Poltergeist...Make's you want to say "this house/computer is CLEAN"...roflmao

(P.s. Just in case I slipped in revealing my gender, you have been showing a female, I am Mary, Micha's wife how to do this from the beginning...I contacted you, and trusted all of you to help me...and If I can do this, anyone can do this!
You are a most awesome teacher, and this grasshopper knows full well, she doesn't know everything yet, but she is in no way intimidated by this computer anymore!!!)

Started scanning at 4/19/2008 8:28:05 PM. Engine Ver: 31.1.0. Sig Ver:5714. Sig Date: 4/19/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond30.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041920080420\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_270.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DB6.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DCA.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF745D.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA4D.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFFB43.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP9\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.

Files Scanned: 363611
Files Infected: 5
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/19/2008 10:31:44 PM.

#27
greyknight17

Posted 19 April 2008 - 08:58 PM

Malware Expert

Visiting Consultant
16,560 posts

Female or male, I'm sure there are some that are not that computer savvy and while others are more knowledgeable. I'm glad to help out Mary and even more happy now that your issue is resolved

Feel free to delete the C:\_OTMoveIt\ folder to get rid of them once and for all.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Just want to confirm one more time. Are there any problems now? If none, post back one more time and I will mark this topic as solved.

#28
micha

Posted 19 April 2008 - 09:10 PM

Member

Topic Starter
Member
24 posts

Okay, went into 'my computer'...
brought up C drive, and looked into it for the 'moveit file folder'...
found it and DELETED it...
checked for any other moveit file and none were found...
I will run another scan with CA for C drive and see if anything appears, like the move it file with trapped viruses...
That will tell me it's completely gone...I will repost when it's complete.

#29
micha

Posted 20 April 2008 - 06:31 AM

Member

Topic Starter
Member
24 posts

(ALL VIRUSES PLACED IN RECYCLING, AS EXPECTED)

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/20/2008 1:29:27 AM.

********EVERYTHING IS IN RECYCLING BIN AS IT SHOULD BE!!!*********

___________________________________________________________

(NOW WE SCAN THE WHOLE COMPUTER, ALL FILES)

Started scanning at 4/20/2008 5:50:25 AM. Engine Ver: 31.1.0. Sig Ver:5714. Sig Date: 4/19/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond7C.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\cert8.db - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\formhistory.dat - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\history.dat - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\key3.db - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\parent.lock - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\search.sqlite - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\urlclassifier2.sqlite - Could not open the file.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_001_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_002_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_003_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_MAP_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041920080420\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_270.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DB6.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DCA.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF7ECA.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF876E.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA4D.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFEE05.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP10\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.

Files Scanned: 364968
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Finished scanning at 4/20/2008 8:05:04 AM.

(HAPPY DANCE ENSUES.....

THANK GOD NO ONES LOOKING!!!)
I WORSHIP THE GROUND YOU WALK ON...THIS COMPUTER IS CLEAN!!!!!!)