Go to Start > Control Panel > open Java
Click on Delete Files... under the General tab
Make sure ALL three boxes are checked and click OK.
Click OK to Exit Java.
_____________________
Please download Killbox and save it to your desktop.
Next, copy everything in the Quote box below by pressing Ctrl+C
Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Once rebooted, continue below
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the ComboFix log, and a new HijackThis log.
Have you removed Zone Alarm? I don't see it in your log.
I went to start and then control panel but I could not find anything by the name of java either in the classic view or category view. Is there something else I should do?
And yes, I did uninstall ZoneAlarm and a bunch of other programs but I have reinstalled it.
Ok so I followed the instructions. Here are the logs:
HJT scan log:
Logfile of HijackThis v1.99.1
Scan saved at 2:28:19 AM, on 03/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
It's a good idea to Flush your System Restore points after ridding yourself of malware: You can clean this by doing the following:
Click Start | Help and Support | Undo changes to your computer with System Restore.
Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
Close the Help and Support Center box.
Click Start | Run and type Cleanmgr
Select (C:) then click OK.
Click the More Options tab.
Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
I suggest you now download and install SP2 since it fixes many bugs and many other security flaws in Windows. If you do get SP2, please post a final HijackThis log.
Hi Trogan, I followed the rest of your instructions as well and everything seemed to go well. I am also going to download SP2 and will post a log afterwards. I just had a few questions - what is that JRE used for? And as you know, right now I have AVG spyware and antivirus plus Zone Alarm. Is there anything else you recommend I download or do that would help keep the computer clean?
There is also one other thing. I have been having this problem for months now. When I attempt to restart or shut off my computer it will freeze at the Windows screen where it says Windows is shutting down and it will just stay like that. I have been dealing with this by just yanking the plug. I thought it may have been a spyware or virus problem but it doesn't seem so now. Would this be a hardware problem?
And again, I appreciate all of your help. We could learn a lot more than just about computers from the volunteers who help people in this forum.
You could also download SpywareGuard. That, plus the programs you have now should be sufficient protection if updated and scanned with regularly.
About your shutting down problem. That used to happen to my computer about a year ago, but I can't remember what caused it. It certainly isn't malware. Before we try anything, how long have you left it to shutdown by itself?
I have left it for several hours and even overnight as well. I also turn off my computer every night and I am not sure if this yanking and replugging is really good for the computer.
Yeah, I agree. Yanking the cord doesn't really help things.
Before getting SP2, I'd like for one more scan please.
Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop
Step 2.
==========
- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan"
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.
Hi Trojan, I ran the blbeta.exe scan and it doesn't seem like anything showed up. I have posted the log. Should I go ahead and download SP2 and post a new HJT log?
I have updated my computer to SP2 and have posted a new HJT log.
I also noticed that my computer was a little bit slower than usual so I decided to run a few more scans just to see if anything would come up. After running Spybot the scan found several problems but was able to fix them and they didn't show up on the second scan. I also ran another Kaspersky scan. While running the Kaspersky scan I got several alerts from the AVG antivirus telling me that a threat was detected while opening file:
I tried to select the 'move to vault' option for these files but I received a message that said:
Requested action is not available for this object. Access to file has been
denied.
So I just selected the ignore option. The Kaspersky scan also found some things as well. I don't understand where these could have come from as I have not been browsing the internet very much except for a few trusted sites such as yours, Microsoft etc...
Is my system still infected or am I just being paranoid?
Oh also, I am running an AVG scan right now and it found 2 infections in the Killbox folder in my C drive but it was able to heal them. I also deleted the Killbox folder.
The Kaspersky log was way too long so I just cut and pasted what it seemed to have found:
Saturday, November 04, 2006 8:22:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/11/2006
Kaspersky Anti-Virus database records: 238358
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 45394
Number of viruses found 2
Number of infected objects 8 / 0
Number of suspicious objects 6
Duration of the scan process 01:45:01
Logfile of HijackThis v1.99.1
Scan saved at 9:04:18 PM, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Copy everything in the Quote box below by pressing Ctrl+C
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaqhu.exe
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winxkqp.exe
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winyany.exe
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaqhu.exe
Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Update AVG anti-spyware and run a Full System Scan. Save a log and post that back here, along with a new HijackThis log.
Hi Trojan,
I haven't been successful in deleting the files using KillBox. I followed your instructions up to the point where I press the red circle with the white X. At that time I get several virus alerts from AVG telling me that I have infected files on my system (the same ones I'm trying to delete with KillBox). I press ignore on all of the alerts and try to carry on with KillBox. After the reboot countdown is over on KillBox I get an alert telling me that "Pending File Rename Operations RegistryData has been Removed by external Process" and my system does not reboot. I tried turning off AVG so that I don't get the alerts while using KillBox but I still get the same message and I am not able to reboot and delete the files.
I am running an AVG scan right now and will post the log as soon as its done.
Please let me know if there is anything else I can do.
Thanks for your help
Ok Trojan, so I finished the AVG scan and it found something like 50 viruses, all of which were in C:\!KillBox. AVG cleaned the files at the end of the scan but I am not sure how to post the log as it is saved as a Microsoft Excel file. Let me see if I can attach it as an attachment...
No, I wasn't able to upload it as it was an invalid file.
Is there another way I should be posting the log?
I tried the KillBox procedure again and it is giving me the same message and I am also getting the same virus alerts from AVG at the same time. I got these same alerts from AVG when I was running the Kaspersky scan. Why didn't these viruses show up in the scan? What should I do??
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip=>Gummy.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip=>Gummy.class
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip=>Gummy.class
Deleted
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip
Updated
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir
Deleted
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:05:29 AM, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Ok so I deleted the KillBox folder and ran another AVG scan and it came out clean. I also ran another Kaspersky scan which found one virus and 6 suspicious files. I would post the log but it is extremely long and it wouldn't fit in one post. Let me know if I should post it. The strange thing is that after running the AVG scan, and it came out clean, I still got the same alerts from AVG while Kaspersky was running a scan. It seems like I only get these alerts while I'm running a scan on something else. At this point I don't know what is going on and whether or not my computer is clean or still infected.
Do you have any ideas Trojan? I know I'm dragging this thread on and on but I just want to make sure my system is clean.
Please post a new thread in the forum, this avoids confusion as multiple posts from different users in the same thread make it all that much harder for the SVT Team to assist the original thread starter.:)
piervi, you have a Smitfraud infection. Follow my guide here to remove it. Start a thread and post the logs afterwards.
_________________
New Day, if you could attach the Kaspersky log to a post that would be good. It's not unusual for an anti-virus program to throw alerts while another is trying to run an online scan.
Your HijackThis log is clean. These alerts could be false positives.
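The AVG log posted earlier in the thread puts each object on one line and the event for it on the next, so one file appears several times (detected, disinfection failed, deleted). The following is an added example, not part of the original posts or of AVG's tooling: a small parser that folds those line pairs into one final state per object and lists anything that was detected but never reached `Deleted`. The sample log, its paths and its detection names are constructed, and treating only `Deleted` as resolved is an assumption based on the outcomes visible in this thread.

```python
import re
from collections import OrderedDict

PATH_RE = re.compile(r"^[A-Za-z]:\\")   # object lines start with a drive letter
DETECT_PREFIX = "Infected with:"
# Assumption: "Deleted" is the only outcome in the thread's log that removes the object.
RESOLVED_ACTIONS = {"Deleted"}

# Constructed sample in the same two-line layout as the log in the thread.
SAMPLE_LOG = r"""
C:\Example\cache\sample.jar-0000.zip=>Sample.class
Infected with: Example.Detection.A
C:\Example\cache\sample.jar-0000.zip=>Sample.class
Disinfection failed
C:\Example\cache\sample.jar-0000.zip=>Sample.class
Deleted
C:\Example\cache\sample.jar-0000.zip
Updated
C:\Example\Temp\winaaaa_exe.vir
Infected with: Example.Detection.B
C:\Example\Temp\winaaaa_exe.vir
Disinfection failed
C:\Example\Temp\winaaaa_exe.vir
Deleted
C:\Example\Temp\winbbbb.exe
Infected with: Example.Detection.B
C:\Example\Temp\winbbbb.exe
Disinfection failed
"""


def parse_events(text):
    """Return (path, event) pairs; event is None when a path has no event line."""
    events = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            if pending is not None:
                # Two path lines in a row: the first lost its event (truncated paste).
                events.append((pending, None))
            pending = line
        elif pending is not None:
            events.append((pending, line))
            pending = None
        # An event line with no preceding path is ignored.
    if pending is not None:
        events.append((pending, None))
    return events


def summarise(events):
    """Fold the event stream into one record per object, in first-seen order."""
    objects = OrderedDict()
    for path, event in events:
        entry = objects.setdefault(path, {"detection": None, "actions": []})
        if event is None:
            continue
        if event.startswith(DETECT_PREFIX):
            entry["detection"] = event[len(DETECT_PREFIX):].strip()
        else:
            entry["actions"].append(event)
    return objects


def unresolved(objects):
    """Objects that were detected but whose last recorded action did not remove them."""
    out = []
    for path, entry in objects.items():
        if entry["detection"] is None:
            continue  # e.g. an archive container that was only "Updated"
        last = entry["actions"][-1] if entry["actions"] else None
        if last not in RESOLVED_ACTIONS:
            out.append((path, entry["detection"], last))
    return out


if __name__ == "__main__":
    state = summarise(parse_events(SAMPLE_LOG))
    for path, entry in state.items():
        print(path, "|", entry["detection"], "|", " -> ".join(entry["actions"]))
    print("Still needs attention:")
    for path, name, last in unresolved(state):
        print("  ", path, name, "last action:", last)
```
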
Hi Trojan, so I ran a Kaspersky scan this morning and it found 1 virus and 6 suspicious files. While I was running it I continued to get AVG alerts for infected files. I can post the name of the files if you need me to. So I shouldn't be worried about these alerts? I tried to post the Kaspersky scan log but it is way too long. I think it would need 10 or more posts. I think this may be because I didn't clean out temporary internet files. I'm going to run ATF Cleaner and run another scan and see if it shortens. Is there anything else I should do?? Thanks for your help.
Hi Trojan, Sorry for the late reply. I just wanted to let you know that I just got a Windows XP CD in the mail from ordering the Genuine Advantage kit from Microsoft. I think I'm going to try and format my computer and start clean. I just want to be sure though... will this guarantee that I will get rid of any viruses or anything else that might still be on my system?
Also I just wanted to thank you once again for your assistance. I don't know what I would have done if you hadn't helped me out (probably spend hundreds of dollars to fix my PC). Thanx!
Hi Trojan, Sorry for the late reply. I just wanted to let you know that I just got a Windows XP CD in the mail from ordering the Genuine Advantage kit from Microsoft. I think I'm going to try and format my computer and start clean. I just want to be sure though... will this guarantee that I will get rid of any viruses or anything else that might still be on my system?
Yes! Formatting will wipe the hard drive totally clean, so nothing will be left behind.
Also I just wanted to thank you once again for your assistance. I don't know what I would have done if you hadn't helped me out (probably spend hundreds of dollars to fix my PC). Thanx!
You're welcome! Let me know how the formatting goes.
Hi Trojan, I wanted to format my PC today and I was looking for some directions. I remember there was a thread posted here about a keylogger problem in which someone named spywareshooter posted a link to a place with instructions on how to format but I don't seem to be able to find that thread anymore. If you or anyone else knows where I can get some instructions I would appreciate it.
HJT scan log:
Logfile of HijackThis v1.99.1
Scan saved at 2:28:19 AM, on 03/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/08d20d0788668fab6404/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157606302148
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162074166670
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
hedayat - 06-11-03 2:25:39.18 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\hedayat\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-03 to 2006-11-03 ))))))))))))))))))))))))))))))))))
2006-10-31 21:46 39,424 --a
C:\WINDOWS\system32\net.exe
2006-10-31 21:46 377,984
C:\WINDOWS\system32\ati2dvaa.dll
2006-10-31 21:46 36,463
C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-31 21:46 34,735
C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-31 21:46 327,040
C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-31 21:46 326,656 --a
C:\WINDOWS\system32\netsetup.exe
2006-10-31 21:46 30,671
C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-31 21:46 3,584
C:\WINDOWS\system32\dsprpres.dll
2006-10-31 21:46 29,455
C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-31 21:46 26,367
C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-31 21:46 21,343
C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-31 21:46 202,496
C:\WINDOWS\system32\ati2dvag.dll
2006-10-31 21:46 18,944
C:\WINDOWS\system32\faxpatch.exe
2006-10-31 21:46 172,032
C:\WINDOWS\system32\mssap.dll
2006-10-31 21:46 155,648
C:\WINDOWS\system32\encdec.dll
2006-10-31 21:46 154,112 --a
C:\WINDOWS\system32\netman.dll
2006-10-31 21:46 12,047
C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-31 21:46 115,200 --a
C:\WINDOWS\system32\net1.exe
2006-10-31 21:46 11,904
C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-31 21:46 11,615
C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-31 21:46 105,984 --a
C:\WINDOWS\system32\netdde.exe
2006-10-31 21:46 1,622,528 --a
C:\WINDOWS\system32\netshell.dll
2006-10-31 21:45 9,728 --a
C:\WINDOWS\system32\mstinit.exe
2006-10-31 21:45 81,408 --a
C:\WINDOWS\system32\msoert2.dll
2006-10-31 21:45 699,392 --a
C:\WINDOWS\system32\msxml2.dll
2006-10-31 21:45 598,016 --a
C:\WINDOWS\system32\mstscax.dll
2006-10-31 21:45 552,991 --a
C:\WINDOWS\system32\msrepl40.dll
2006-10-31 21:45 421,919 --a
C:\WINDOWS\system32\msrd2x40.dll
2006-10-31 21:45 42,496 --a
C:\WINDOWS\system32\ncobjapi.dll
2006-10-31 21:45 401,462 --a
C:\WINDOWS\system32\msvcp60.dll
2006-10-31 21:45 388,608 --a
C:\WINDOWS\system32\mstsc.exe
2006-10-31 21:45 348,191 --a
C:\WINDOWS\system32\mspbde40.dll
2006-10-31 21:45 344,095 --a
C:\WINDOWS\system32\msxbde40.dll
2006-10-31 21:45 339,968 --a
C:\WINDOWS\system32\mspaint.exe
2006-10-31 21:45 323,072 --a
C:\WINDOWS\system32\msvcrt.dll
2006-10-31 21:45 253,983 --a
C:\WINDOWS\system32\mstext40.dll
2006-10-31 21:45 250,368 --a
C:\WINDOWS\system32\mstask.dll
2006-10-31 21:45 245,760 --a
C:\WINDOWS\system32\msscp.dll
2006-10-31 21:45 241,725 --a
C:\WINDOWS\system32\msuni11.dll
2006-10-31 21:45 228,864 --a
C:\WINDOWS\system32\msoeacct.dll
2006-10-31 21:45 182,784 --a
C:\WINDOWS\system32\msutb.dll
2006-10-31 21:45 175,104 --a
C:\WINDOWS\system32\mspmsp.dll
2006-10-31 21:45 16,384 --a
C:\WINDOWS\system32\nddenb32.dll
2006-10-31 21:45 131,072 --a
C:\WINDOWS\system32\msorcl32.dll
2006-10-31 21:45 113,664 --a
C:\WINDOWS\system32\msvfw32.dll
2006-10-31 21:45 10,240 --a
C:\WINDOWS\system32\msrle32.dll
2006-10-31 21:45 1,122,304 --a
C:\WINDOWS\system32\msxml3.dll
2006-10-31 21:44 4,608 --a
C:\WINDOWS\system32\msimg32.dll
2006-10-31 21:44 368,710 --a
C:\WINDOWS\system32\msisam11.dll
2006-10-31 21:44 348,195 --a
C:\WINDOWS\system32\msjetoledb40.dll
2006-10-31 21:44 319,760 --a
C:\WINDOWS\system32\msnsspc.dll
2006-10-31 21:44 241,695 --a
C:\WINDOWS\system32\msjtes40.dll
2006-10-31 21:44 22,528 --a
C:\WINDOWS\system32\mslbui.dll
2006-10-31 21:44 213,023 --a
C:\WINDOWS\system32\msltus40.dll
2006-10-31 21:44 174,592 --a
C:\WINDOWS\system32\msnetobj.dll
2006-10-31 21:44 143,872 --a
C:\WINDOWS\system32\msimtf.dll
2006-10-31 21:44 1,503,262 --a
C:\WINDOWS\system32\msjet40.dll
2006-10-31 21:43 68,096 --a
C:\WINDOWS\system32\mscms.dll
2006-10-31 21:43 67,584 --a
C:\WINDOWS\system32\msctfp.dll
2006-10-31 21:43 65,536 --a
C:\WINDOWS\system32\msconf.dll
2006-10-31 21:43 64,512 --a
C:\WINDOWS\system32\msiexec.exe
2006-10-31 21:43 56,320 --a
C:\WINDOWS\system32\mshtmler.dll
2006-10-31 21:43 512,031 --a
C:\WINDOWS\system32\msexch40.dll
2006-10-31 21:43 4,126 --a
C:\WINDOWS\system32\msdxmlc.dll
2006-10-31 21:43 359,936 --a
C:\WINDOWS\system32\msdtcprx.dll
2006-10-31 21:43 319,519 --a
C:\WINDOWS\system32\msexcl40.dll
2006-10-31 21:43 305,664 --a
C:\WINDOWS\system32\msihnd.dll
2006-10-31 21:43 266,752 --a
C:\WINDOWS\system32\msctf.dll
2006-10-31 21:43 229,888 --a
C:\WINDOWS\system32\msieftp.dll
2006-10-31 21:43 2,086,400 --a
C:\WINDOWS\system32\msi.dll
2006-10-31 21:43 126,976 --a
C:\WINDOWS\system32\msdart.dll
2006-10-31 21:43 12,288 --a
C:\WINDOWS\system32\mscpx32r.dll
2006-10-31 21:42 32,256 --a
C:\WINDOWS\system32\mnmdd.dll
2006-10-31 21:42 233,472 --a
C:\WINDOWS\system32\mpg4dmod.dll
2006-10-31 21:42 210,944 --a
C:\WINDOWS\system32\moricons.dll
2006-10-31 21:42 196,096 --a
C:\WINDOWS\system32\mobsync.dll
2006-10-31 21:42 163,840 --a
C:\WINDOWS\system32\mindex.dll
2006-10-31 21:42 116,736 --a
C:\WINDOWS\system32\mplay32.exe
2006-10-31 21:42 1,128,960 --a
C:\WINDOWS\system32\mmcndmgr.dll
2006-10-31 21:41 6,656 --a
C:\WINDOWS\system32\laprxy.dll
2006-10-31 21:41 57,856 --a
C:\WINDOWS\system32\licwmi.dll
2006-10-31 21:41 504,320 --a
C:\WINDOWS\system32\logonui.exe
2006-10-31 21:41 381,440 --a
C:\WINDOWS\system32\lmrt.dll
2006-10-31 21:41 24,576 --a
C:\WINDOWS\system32\logagent.exe
2006-10-31 21:41 219,648 --a
C:\WINDOWS\system32\logon.scr
2006-10-31 21:41 19,456 --a
C:\WINDOWS\system32\licmgr10.dll
2006-10-31 21:41 10,240 --a
C:\WINDOWS\system32\localui.dll
2006-10-31 21:39 91,648 --a
C:\WINDOWS\system32\iuctl.dll
2006-10-31 21:39 73,728 --a
C:\WINDOWS\system32\tlntsess.exe
2006-10-31 21:39 7,168 --a
C:\WINDOWS\system32\tlntsvrp.dll
2006-10-31 21:39 7,040 --a
C:\WINDOWS\system32\kd1394.dll
2006-10-31 21:39 67,584 --a
C:\WINDOWS\system32\tlntsvr.exe
2006-10-31 21:39 60,928 --a
C:\WINDOWS\system32\ipv6.exe
2006-10-31 21:39 57,856 --a
C:\WINDOWS\system32\tlntadmn.exe
2006-10-31 21:39 545,792 --a
C:\WINDOWS\system32\wsecedit.dll
2006-10-31 21:39 51,712 --a
C:\WINDOWS\system32\ipconfig.exe
2006-10-31 21:39 49,664 --a
C:\WINDOWS\system32\ixsso.dll
2006-10-31 21:39 435,200 --a
C:\WINDOWS\system32\ipnathlp.dll
2006-10-31 21:39 42,537 --a
C:\WINDOWS\system32\keyboard.sys
2006-10-31 21:39 318,464 --a
C:\WINDOWS\system32\ippromon.dll
2006-10-31 21:39 272,896 --a
C:\WINDOWS\system32\kerberos.dll
2006-10-31 21:39 231,936 --a
C:\WINDOWS\system32\tracerpt.exe
2006-10-31 21:39 155,648 --a
C:\WINDOWS\system32\ipsecsvc.dll
2006-10-31 21:39 143,872 --a
C:\WINDOWS\system32\itircl.dll
2006-10-31 21:39 134,144 --a
C:\WINDOWS\system32\ipv6mon.dll
2006-10-31 21:39 122,368 --a
C:\WINDOWS\system32\itss.dll
2006-10-31 21:38 89,088 --a
C:\WINDOWS\system32\mqsec.dll
2006-10-31 21:38 67,200 --a
C:\WINDOWS\system32\drivers\mqac.sys
2006-10-31 21:38 613,888 --a
C:\WINDOWS\system32\mqqm.dll
2006-10-31 21:38 57,344 --a
C:\WINDOWS\system32\nwwks.dll
2006-10-31 21:38 478,720 --a
C:\WINDOWS\system32\mqsnap.dll
2006-10-31 21:38 469,504 --a
C:\WINDOWS\system32\mqutil.dll
2006-10-31 21:38 28,160 --a
C:\WINDOWS\system32\pidgen.dll
2006-10-31 21:38 183,296 --a
C:\WINDOWS\system32\gptext.dll
2006-10-31 21:38 17,792
C:\WINDOWS\system32\drivers\irbus.sys
2006-10-31 21:38 164,864 --a
C:\WINDOWS\system32\mqrt.dll
2006-10-31 21:38 164,352 --a
C:\WINDOWS\system32\mqtrig.dll
2006-10-31 21:38 156,544 --a
C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-31 21:38 14,848 --a
C:\WINDOWS\system32\mqise.dll
2006-10-31 21:38 130,048 --a
C:\WINDOWS\system32\mqad.dll
2006-10-31 21:38 113,664 --a
C:\WINDOWS\system32\schtasks.exe
2006-10-31 21:38 103,936 --a
C:\WINDOWS\system32\rsnotify.exe
2006-10-31 21:38 10,752
C:\WINDOWS\system32\spiisupd.exe
2006-10-31 21:37 9,216 --a
C:\WINDOWS\system32\icaapi.dll
2006-10-31 21:37 73,728 --a
C:\WINDOWS\system32\ils.dll
2006-10-31 21:37 67,584 --a
C:\WINDOWS\system32\fdeploy.dll
2006-10-31 21:37 59,392 --a
C:\WINDOWS\system32\iesetup.dll
2006-10-31 21:37 587,776 --a
C:\WINDOWS\system32\inetcomm.dll
2006-10-31 21:37 37,888 --a
C:\WINDOWS\system32\hhsetup.dll
2006-10-31 21:37 36,922 --a
C:\WINDOWS\system32\imeshare.dll
2006-10-31 21:37 30,208 --a
C:\WINDOWS\system32\imgutil.dll
2006-10-31 21:37 294,912 --a
C:\WINDOWS\system32\iedkcs32.dll
2006-10-31 21:37 29,696
C:\WINDOWS\system32\asr_pfu.exe
2006-10-31 21:37 28,672 --a
C:\WINDOWS\system32\ie4uinit.exe
2006-10-31 21:37 277,504 --a
C:\WINDOWS\system32\appmgr.dll
2006-10-31 21:37 240,640 --a
C:\WINDOWS\system32\hnetcfg.dll
2006-10-31 21:37 236,032 --a
C:\WINDOWS\system32\icm32.dll
2006-10-31 21:37 204,288 --a
C:\WINDOWS\system32\ieaksie.dll
2006-10-31 21:37 156,672 --a
C:\WINDOWS\system32\appmgmts.dll
2006-10-31 21:37 126,976 --a
C:\WINDOWS\system32\ieakeng.dll
2006-10-31 21:37 123,904 --a
C:\WINDOWS\system32\imapi.exe
2006-10-31 21:37 115,200 --a
C:\WINDOWS\system32\dpcdll.dll
2006-10-31 21:37 114,176 --a
C:\WINDOWS\system32\input.dll
2006-10-31 21:37 113,152 --a
C:\WINDOWS\system32\idq.dll
2006-10-31 21:37 113,152 --a
C:\WINDOWS\system32\gpresult.exe
2006-10-31 21:37 103,936 --a
C:\WINDOWS\system32\imm32.dll
2006-10-31 21:37 10,752 --a
C:\WINDOWS\hh.exe
2006-10-31 21:36 8,832 --a
C:\WINDOWS\system32\framebuf.dll
2006-10-31 21:35 9,216 --a
C:\WINDOWS\system32\dumprep.exe
2006-10-31 21:35 82,432 --a
C:\WINDOWS\system32\fldrclnr.dll
2006-10-31 21:35 802,304 --a
C:\WINDOWS\system32\dxmrtp.dll
2006-10-31 21:35 76,830 --a
C:\WINDOWS\system32\drmstor.dll
2006-10-31 21:35 66,560 --a
C:\WINDOWS\system32\faultrep.dll
2006-10-31 21:35 602,112 --a
C:\WINDOWS\system32\drmv2clt.dll
2006-10-31 21:35 498,205 --a
C:\WINDOWS\system32\dxmasf.dll
2006-10-31 21:35 49,152 --a
C:\WINDOWS\system32\eventlog.dll
2006-10-31 21:35 45,568 --a
C:\WINDOWS\system32\docprop2.dll
2006-10-31 21:35 380,445 --a
C:\WINDOWS\system32\expsrv.dll
2006-10-31 21:35 266,240 --a
C:\WINDOWS\system32\drmclien.dll
2006-10-31 21:35 263,680 --a
C:\WINDOWS\system32\duser.dll
2006-10-31 21:35 227,840 --a
C:\WINDOWS\system32\dsquery.dll
2006-10-31 21:35 225,280 --a
C:\WINDOWS\system32\es.dll
2006-10-31 21:35 19,456 --a
C:\WINDOWS\system32\fontview.exe
2006-10-31 21:35 19,456 --a
C:\WINDOWS\system32\ersvc.dll
2006-10-31 21:35 180,224 --a
C:\WINDOWS\system32\dwwin.exe
2006-10-31 21:35 178,688 --a
C:\WINDOWS\system32\eudcedit.exe
2006-10-31 21:35 165,376 --a
C:\WINDOWS\system32\els.dll
2006-10-31 21:35 16,384 --a
C:\WINDOWS\system32\ds32gt.dll
2006-10-31 21:35 135,680 --a
C:\WINDOWS\system32\dsprop.dll
2006-10-31 21:35 124,928 --a
C:\WINDOWS\system32\dssenh.dll
2006-10-31 21:35 1,004,032 --a
C:\WINDOWS\explorer.exe
2006-10-31 21:34 98,816 --a
C:\WINDOWS\system32\clipbrd.exe
2006-10-31 21:34 76,288 --a
C:\WINDOWS\system32\dfrgfat.exe
2006-10-31 21:34 70,656 --a
C:\WINDOWS\system32\defrag.exe
2006-10-31 21:34 70,144 --a
C:\WINDOWS\system32\cryptdlg.dll
2006-10-31 21:34 61,440 --a
C:\WINDOWS\system32\dbnetlib.dll
2006-10-31 21:34 557,568 --a
C:\WINDOWS\system32\crypt32.dll
2006-10-31 21:34 55,296 --a
C:\WINDOWS\system32\digest.dll
2006-10-31 21:34 54,272 --a
C:\WINDOWS\system32\clusapi.dll
2006-10-31 21:34 53,248 --a
C:\WINDOWS\system32\cryptsvc.dll
2006-10-31 21:34 489,984 --a
C:\WINDOWS\system32\dbghelp.dll
2006-10-31 21:34 471,040 --a
C:\WINDOWS\system32\cryptui.dll
2006-10-31 21:34 41,472 --a
C:\WINDOWS\system32\cmdl32.exe
2006-10-31 21:34 35,328 --a
C:\WINDOWS\system32\dfrgsnap.dll
2006-10-31 21:34 324,608 --a
C:\WINDOWS\system32\cmdial32.dll
2006-10-31 21:34 307,712 --a
C:\WINDOWS\system32\cscui.dll
2006-10-31 21:34 28,672 --a
C:\WINDOWS\system32\dbnmpntw.dll
2006-10-31 21:34 263,168 --a
C:\WINDOWS\system32\devmgr.dll
2006-10-31 21:34 25,600 --a
C:\WINDOWS\system32\dfsshlex.dll
2006-10-31 21:34 24,576 --a
C:\WINDOWS\system32\dbmsvinn.dll
2006-10-31 21:34 24,576 --a
C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-31 21:34 24,576 --a
C:\WINDOWS\system32\conime.exe
2006-10-31 21:34 238,592 --a
C:\WINDOWS\system32\compatui.dll
2006-10-31 21:34 20,480 --a
C:\WINDOWS\system32\dbmsadsn.dll
2006-10-31 21:34 168,960 --a
C:\WINDOWS\system32\dinput8.dll
2006-10-31 21:34 158,720 --a
C:\WINDOWS\system32\credui.dll
2006-10-31 21:34 151,552 --a
C:\WINDOWS\system32\dinput.dll
2006-10-31 21:34 13,312 --a
C:\WINDOWS\system32\ctfmon.exe
2006-10-31 21:34 113,152 --a
C:\WINDOWS\system32\dfrgui.dll
2006-10-31 21:34 103,424 --a
C:\WINDOWS\system32\dgnet.dll
2006-10-31 21:34 1,172,992 --a
C:\WINDOWS\system32\comsvcs.dll
2006-10-31 21:33 91,648 --a
C:\WINDOWS\system32\ahui.exe
2006-10-31 21:33 91,136 --a
C:\WINDOWS\system32\advpack.dll
2006-10-31 21:33 8,192 --a
C:\WINDOWS\system32\autolfn.exe
2006-10-31 21:33 76,288 --a
C:\WINDOWS\system32\avifil32.dll
2006-10-31 21:33 74,810 --a
C:\WINDOWS\system32\atl.dll
2006-10-31 21:33 71,680 --a
C:\WINDOWS\system32\browsewm.dll
2006-10-31 21:33 64,512 --a
C:\WINDOWS\system32\ciodm.dll
2006-10-31 21:33 62,976 --a
C:\WINDOWS\system32\browselc.dll
2006-10-31 21:33 6,656 --a
C:\WINDOWS\system32\batt.dll
2006-10-31 21:33 59,904 --a
C:\WINDOWS\system32\cabinet.dll
2006-10-31 21:33 582,656 --a
C:\WINDOWS\system32\catsrvut.dll
2006-10-31 21:33 5,120 --a
C:\WINDOWS\system32\asferror.dll
2006-10-31 21:33 49,152 --a
C:\WINDOWS\system32\browser.dll
2006-10-31 21:33 41,984 --a
C:\WINDOWS\system32\alg.exe
2006-10-31 21:33 38,912 --a
C:\WINDOWS\system32\audiosrv.dll
2006-10-31 21:33 32,768 --a
C:\WINDOWS\system32\cfgbkend.dll
2006-10-31 21:33 32,512
C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-31 21:33 239,616 --a
C:\WINDOWS\system32\adsnt.dll
2006-10-31 21:33 22,528 --a
C:\WINDOWS\system32\at.exe
2006-10-31 21:33 186,880 --a
C:\WINDOWS\system32\certcli.dll
2006-10-31 21:33 179,712 --a
C:\WINDOWS\system32\cewmdm.dll
2006-10-31 21:33 14,366 --a
C:\WINDOWS\system32\asfsipc.dll
2006-10-31 21:33 115,712 --a
C:\WINDOWS\system32\apphelp.dll
2006-10-31 21:32 62,464 --a
C:\WINDOWS\system32\adsmsext.dll
2006-10-31 21:32 162,816 --a
C:\WINDOWS\system32\adsldp.dll
2006-10-31 21:32 139,776 --a
C:\WINDOWS\system32\adsldpc.dll
2006-10-31 21:30 59,392 --a
C:\WINDOWS\system32\6to4svc.dll
2006-10-31 20:11 316,928 --a
C:\WINDOWS\system32\zipfldr.dll
2006-10-31 20:11 24,576 --a
C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-17 00:39 7,552 --a
C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2006-10-17 00:39 21,760 --a
C:\WINDOWS\system32\drivers\usbstor.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-03 02:02 d C:\Program Files\Zone Labs
2006-11-03 01:46 d---s---- C:\Documents and Settings\hedayat\Application Data\Microsoft
2006-11-03 01:34 d C:\Program Files\Hijackthis
2006-11-02 23:32 d-a C:\Program Files\Internet Explorer
2006-11-02 23:30 d C:\Program Files\Common Files\LightScribe
2006-11-02 22:07 d C:\Documents and Settings\hedayat\Application Data\AVG7
2006-11-02 01:08 d C:\Program Files\Lavasoft
2006-11-02 01:08 d C:\Documents and Settings\hedayat\Application Data\Lavasoft
2006-11-02 01:07 d C:\Program Files\Mozilla Firefox
2006-11-01 15:31 d C:\Program Files\Grisoft
2006-11-01 01:15 d C:\Program Files\Common Files\Symantec Shared
2006-11-01 01:14 d C:\Program Files\Symantec
2006-10-31 23:15 d C:\Program Files\Messenger
2006-10-31 23:04 dra C:\Program Files\Windows Media Player
2006-10-31 23:04 dra C:\Program Files\Outlook Express
2006-10-31 23:04 dra C:\Program Files\NetMeeting
2006-10-31 23:04 d C:\Program Files\Movie Maker
2006-10-31 23:03 d-a C:\Program Files\Common Files\SYSTEM
2006-10-28 17:24 d-ah C:\Program Files\WindowsUpdate
2006-10-20 18:59 dra C:\Program Files\Common Files
2006-10-16 23:45 d C:\Documents and Settings\hedayat\Application Data\Mozilla
2006-10-16 23:19 d C:\Program Files\PCPitstop
2006-09-20 23:29 d C:\Documents and Settings\hedayat\Application Data\Symantec
2006-09-20 02:14 d C:\Program Files\Online Services
2006-09-20 02:11 d C:\Program Files\MSN
2006-09-20 01:34 d C:\Program Files\Common Files\Adobe
2006-09-20 01:34 d C:\Documents and Settings\hedayat\Application Data\Ahead
2006-09-15 21:52 91904 --a C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:52 124016 --a C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 23:02 d C:\Program Files\Adobe
2006-09-13 23:02 d C:\Documents and Settings\hedayat\Application Data\Adobe
2006-09-08 03:18 d C:\Documents and Settings\hedayat\Application Data\ACD Systems
2006-09-08 02:55 d C:\Documents and Settings\hedayat\Application Data\Macromedia
2006-09-08 02:48 d C:\Program Files\Yahoo!
2006-09-08 01:57 d C:\Program Files\Sony Corporation
2006-09-08 01:56 d--h C:\Program Files\InstallShield Installation Information
2006-09-08 01:39 d C:\Program Files\Microsoft Office
2006-09-08 01:32 dra C:\Program Files\Common Files\Microsoft Shared
2006-09-08 01:23 d C:\Program Files\Ahead
2006-09-08 00:57 d C:\Program Files\PolderbitS
2006-09-08 00:10 d C:\Documents and Settings\hedayat\Application Data\Real
2006-09-08 00:07 d C:\Program Files\Real
2006-09-07 22:55 d C:\Documents and Settings\hedayat\Application Data\Help
2006-09-07 02:49 d C:\Documents and Settings\hedayat\Application Data\Identities
2006-09-07 02:30 d C:\Program Files\ComPlus Applications
2006-09-07 02:29 d C:\Program Files\Windows NT
2006-09-07 00:36 499712 --a C:\WINDOWS\system32\msvcp71.dll
2006-09-07 00:36 348160 --a C:\WINDOWS\system32\msvcr71.dll
2006-09-06 19:09 62 --ahs---- C:\Documents and Settings\hedayat\Application Data\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NWEReboot"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-03 2:26:26.93
C:\ComboFix.txt ... 06-11-03 02:26
Just some tidying up now, starting with the download of Java.
It's a good idea to Flush your System Restore points after ridding yourself of malware: You can clean this by doing the following:
- Click Start | Help and Support | Undo changes to your computer with System Restore.
- Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
- Close the Help and Support Center box.
- Click Start | Run and type Cleanmgr
- Select (C: ) then click OK.
- Click the More Options tab.
- Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
I suggest you now download and install SP2 since it fixes many bugs and many other security flaws in Windows. If you do get SP2, please post a final HijackThis log.
There is also one other thing. I have been having this problem for months now. When I attempt to restart or shut off my computer it will freeze at the Windows screen where it says Windows is shutting down and it will just stay like that. I have been dealing with this by just yanking the plug. I thought it may have been a spyware or virus problem but it doesn't seem so now. Would this be a hardware problem?
And again, I appreciate all of your help. We could learn a lot more than just about computers from the volunteers who help people in this forum.
About your shutting down problem. That used to happen to my computer about a year ago, but I can't remember what caused it. It certainly isn't malware. Before we try anything, how long have you left it to shutdown by itself?
Before getting SP2, I'd like for one more scan please.
Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop
Step 2.
==========
- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan"
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.
blbeta scan log:
11/03/06 17:27:17 [Info]: BlackLight Engine 1.0.47 initialized
11/03/06 17:27:17 [Info]: OS: 5.1 build 2600 (Service Pack 1)
11/03/06 17:27:24 [Note]: 7019 4
11/03/06 17:27:24 [Note]: 7005 0
11/03/06 17:28:35 [Note]: 7006 0
11/03/06 17:28:35 [Note]: 7011 1652
11/03/06 17:28:38 [Note]: 7026 0
11/03/06 17:28:39 [Note]: 7026 0
11/03/06 17:29:14 [Note]: FSRAW library version 1.7.1020
11/03/06 17:29:25 [Note]: 4013 12913
11/03/06 17:29:25 [Note]: 4020 13670 262144
11/03/06 17:29:25 [Note]: 4020 13670 262144
11/03/06 17:29:25 [Note]: 4018 13670 262144
11/03/06 17:29:25 [Note]: 4013 12913
11/03/06 17:29:25 [Note]: 4020 13670 262144
11/03/06 17:29:25 [Note]: 4018 13670 262144
11/03/06 17:54:20 [Note]: 7007 0
I have updated my computer to SP2 and have posted a new HJT log.
I also noticed that my computer was a little bit slower than usual so I decided to run a few more scans just to see if anything would come up. After running Spybot the scan found several problems but was able to fix them and they didn't show up on the second scan. I also ran another Kaspersky scan. While running the Kaspersky scan I got several alerts from the AVG antivirus telling me that a threat was detected while opening file:
C:\DocumentsandSettings\hedayatsharifi\LocalSettings\temp\winaqhu.exe
C:\DocumentsandSettings\hedayatsharifi\LocalSettings\temp\winxkqp.exe
C:\DocumentsandSettings\hedayatsharifi\LocalSettings\temp\winyany.exe
C:\DocumentsandSettings\hedayatsharifi\LocalSettings\temp\winaqhu.exe
Trojan Horse Proxy.ECN
I tried to select the 'move to vault' option for these files but I received a message that said:
Requested action is not available for this object. Access to file has been denied.
So I just selected the ignore option. The Kaspersky scan also found some things as well. I don't understand where these could have come from as I have not been browsing the internet very much except for a few trusted sites such as yours, Microsoft etc...
Is my system still infected or am I just being paranoid?
Oh also, I am running an AVG scan right now and it found 2 infections in the Killbox folder in my C drive but it was able to heal them. I also deleted the Killbox folder.
The Kaspersky log was way too long so I just cut and pasted what it seemed to have found:
Saturday, November 04, 2006 8:22:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/11/2006
Kaspersky Anti-Virus database records: 238358
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 45394
Number of viruses found 2
Number of infected objects 8 / 0
Number of suspicious objects 6
Duration of the scan process 01:45:01
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch4.zip/notepad32.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/VXH8JKDQ2.EXE Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip/VXH8JKDQ2.EXE Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir Infected: Trojan-Proxy.Win32.Agent.dd skipped
Logfile of HijackThis v1.99.1
Scan saved at 9:04:18 PM, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/08d20d0788668fab6404/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157606302148
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162074166670
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Copy everything in the Quote box below by pressing Ctrl+C
Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Update AVG anti-spyware and run a Full System Scan. Save a log and post that back here, along with a new HijackThis log.
I haven't been successful in deleting the files using KillBox. I followed your instructions up to the point where I press the red circle with the white X. At that time I get several virus alerts from AVG telling me that I have infected files on my system (the same ones I'm trying to delete with KillBox). I press ignore on all of the alerts and try to carry on with KillBox. After the reboot countdown is over on KillBox I get an alert telling me that "Pending File Rename Operations RegistryData has been Removed by external Process" and my system does not reboot. I tried turning off AVG so that I don't get the alerts while using KillBox but I still get the same message and I am not able to reboot and delete the files.
I am running an AVG scan right now and will post the log as soon as it's done.
Please let me know if there is anything else I can do.
Thanks for your help
Is there another way I should be posting the log?
I tried the KillBox procedure again and it is giving me the same message and I am also getting the same virus alerts from AVG at the same time. I got these same alerts from AVG when I was running the Kaspersky scan. Why didn't these viruses show up in the scan? What should I do?
What are the locations of the alerts? If it's the C:\!KillBox, then you can delete that folder.
Thx
Bitdefender log:
BitDefender Online Scanner
Scan report generated at: Mon, Nov 06, 2006 - 05:28:09
Scan path: A:\;C:\;D:\;E:\;F:\;
Statistics
Time: 01:57:48
Files: 297336
Folders: 3437
Boot Sectors: 4
Archives: 1369
Packed Files: 23143
Results
Identified Viruses: 2
Infected Files: 9
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 9
Engines Info
Virus Definitions: 312636
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip=>Gummy.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip=>Gummy.class
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip=>Gummy.class
Deleted
C:\Documents and Settings\hedayat sharifi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-501a5588-2208c470.zip
Updated
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winaorp_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winehoxn_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjdmasb_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winjopol_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winkspe_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvauruw_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winviuiwj_exe.vir
Deleted
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir
Infected with: Generic.Malware.FM!Ydoe.DCD729E9
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir
Disinfection failed
C:\Documents and Settings\hedayat sharifi\Local Settings\Temp\winvtpd_exe.vir
Deleted
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:05:29 AM, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Folding\FAH502-Console.exe
C:\Folding\FahCore_78.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/08d20d0788668fab6404/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157606302148
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162074166670
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: FAH@C:+Documents and Settings+hedayat+Desktop+FAH504-Console.exe - Unknown owner - C:\Documents and Settings\hedayat\Desktop\FAH504-Console.exe (file missing)
O23 - Service: FAH@C:+Folding+FAH502-Console.exe - Stanford University - C:\Folding\FAH502-Console.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Do you have any ideas, Trojan? I know I'm dragging this thread on and on but I just want to make sure my system is clean.
Thanks for all your help
Please post a new thread in the forum; this avoids confusion, as multiple posts from different users in the same thread make it all that much harder for the SVT Team to assist the original thread starter. :)
Shal
_________________
New Day, if you could attach the Kaspersky log to a post that would be good. It's not unusual for an anti-virus program to throw alerts while another is trying to run an online scan.
Your HijackThis log is clean. These alerts could be false positives.
Also I just wanted to thank you once again for your assistance. I don't know what I would have done if you hadn't helped me out (probably spend hundreds of dollars to fix my PC). Thanks!
Thanks