Slow System [RESOLVED]


  • This topic is locked

#1
suecal

  • Member
  • 11 posts
Hi, I have done all the programs recommended in 'click here' and here is my Hijack This log.
Logfile of HijackThis v1.99.1
Scan saved at 11:36:10 AM, on 04/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoctrl.exe
C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Jon\My Documents\My Received Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://raidersohyeah...d.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://raidersohyeah...d.com/index.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.24...va/cfs40320.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093052610960
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.co...gameloader6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.co...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/me...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

and here is the ewido report

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:12:59 AM, 04/06/2005
+ Report-Checksum: 51EDC83C

+ Date of database: 04/06/2005
+ Version of scan engine: v3.0

+ Duration: 81 min
+ Scanned Files: 78425
+ Speed: 16.07 Files/Second
+ Infected files: 3
+ Removed files: 3
+ Files put in quarantine: 3
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\dd.exe -> Spyware.WinAD.ai -> Cleaned with backup
C:\Documents and Settings\Jon\Cookies\jon@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b -> Cleaned with backup


::Report End

Thanks heaps
Sue
  • 0



#2
Guest_thatman_*

  • Guest
Hi suecal

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Clear out the files in the Prefetch folder. Go to Start > Run, type Prefetch into the box, and delete all the files in that folder.

Run Ewido

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to the following items only:
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.co...gameloader6.cab

Click on Fix Checked when finished and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\rcj.exe <-- Delete this file
mssmmspgr.exe <-- Delete this file
Exit Explorer.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *OK* to remove them.

Reboot as normal.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from Panda, ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0
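Added example (not part of thatman's post and not a HijackThis feature): one way to check a follow-up HijackThis log against the list of entries that were to be fixed, and to spot entries that were not in the earlier log. The function names are hypothetical; the fix list and the earlier log are short excerpts of lines posted in this thread, and the follow-up log is constructed for illustration.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Map a normalised (section, detail) key to the original entry line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.groups()
        # Windows paths are case-insensitive and pasted logs pick up stray
        # whitespace, so compare on a case-folded, whitespace-collapsed key.
        key = (section, " ".join(detail.split()).casefold())
        entries.setdefault(key, line)
    return entries


def check_fixes(fix_list, followup_log):
    """Split the entries that were to be fixed into removed / still present."""
    wanted = parse_entries(fix_list)
    present = parse_entries(followup_log)
    return {
        "still_present": sorted(l for k, l in wanted.items() if k in present),
        "removed": sorted(l for k, l in wanted.items() if k not in present),
    }


def new_entries(before_log, after_log):
    """Entries in the later log that the earlier log did not contain."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return sorted(l for k, l in after.items() if k not in before)


# Excerpt of the items the helper asked to have fixed (lines from this thread).
FIX_LIST = r"""
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
"""

# Excerpt of the first log in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# CONSTRUCTED follow-up log for illustration (not one of the logs posted here):
# one flagged entry survives, one entry is new, and ctfmon differs only in case.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    result = check_fixes(FIX_LIST, AFTER_LOG)
    for line in result["still_present"]:
        print("STILL PRESENT:", line)
    for line in result["removed"]:
        print("removed:      ", line)
    for line in new_entries(BEFORE_LOG, AFTER_LOG):
        print("NEW SINCE LAST LOG:", line)
```

An entry reported as still present means the fix did not take or the item was re-created after the fix, so it needs another pass before the log is treated as clean.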

#3
suecal

  • Topic Starter
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:02:28 AM, 8/06/2005
+ Report-Checksum: 2C954E8C

+ Date of database: 6/06/2005
+ Version of scan engine: v3.0

+ Duration: 49 min
+ Scanned Files: 91630
+ Speed: 30.78 Files/Second
+ Infected files: 25
+ Removed files: 25
+ Files put in quarantine: 25
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Jon\Cookies\jon@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jon\Cookies\jon@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jon\Cookies\jon@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jon\Cookies\jon@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jon\Cookies\jon@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@bfast[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@debnb.imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@delb.imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@demr.imixserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@depl.imixserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@desky.imixserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:04:20 AM, on 8/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jon\My Documents\My Received Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://raidersohyeah...d.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc.support.global.toshiba.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.24...va/cfs40320.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093052610960
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.co...gameloader6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.co...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/me...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Incident: Adware:Adware/PopCapLoader
Status: No disinfected
Location: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
  • 0

#4
Guest_thatman_*

  • Guest
Hi suecal

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp but don't run it yet. Download from Link 3.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Now run mwav

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to the following items only:
O4 - HKLM\..\Run: [rcj] C:\WINDOWS\rcj.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe

Click on Fix Checked when finished and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\rcj.exe <-- Delete this file
mssmmspgr.exe <-- Delete this file
C:\WINDOWS\Downloaded Program Files\popcaploader.inf <-- Delete this file
Exit Explorer.

Reboot as normal.

Please post the logs from the Mwav virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#5
suecal

  • Topic Starter
I will follow these instructions, but last time I went to do

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\rcj.exe <-- Delete this file
mssmmspgr.exe <-- Delete this file

I could not find these.
  • 0

#6
Guest_thatman_*

  • Guest
Hi suecal

Please run the Mwav anti-virus scan in Safe Mode.

When you have completed it, post the log from mwav and a HJT.log.

Kc :tazz:
  • 0

#7
suecal

  • Topic Starter
Logfile of HijackThis v1.99.1
Scan saved at 7:53:48 PM, on 8/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jon\My Documents\My Received Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://raidersohyeah...d.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc.support.global.toshiba.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.24...va/cfs40320.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093052610960
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.co...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/me...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Wed Jun 08 19:43:42 2005 => **********************************************************
Wed Jun 08 19:43:42 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Wed Jun 08 19:43:42 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Wed Jun 08 19:43:42 2005 => **********************************************************
Wed Jun 08 19:43:42 2005 => Version 6.4.1 (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mwavscan.com)
Wed Jun 08 19:43:42 2005 => Log File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MWAV.LOG
Wed Jun 08 19:43:42 2005 => MWAV Registered: FALSE.
Wed Jun 08 19:43:42 2005 => MWAV Mode: Only Scan files.
Wed Jun 08 19:43:42 2005 => Latest Date of files inside MWAV: 06 Jun 2005 14:07:13.
Wed Jun 08 19:43:56 2005 => AV Library Loaded...
Wed Jun 08 19:43:56 2005 => MWAV doing self scanning...
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavss.exe
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Getvlist.exe
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavss.dll
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavssdi.dll
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavssi.dll
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavvlg.dll
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msvlclnt.dll
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ipc.dll
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\main.avi
Wed Jun 08 19:43:56 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\virus.avi
Wed Jun 08 19:43:56 2005 => MWAV files are clean.
Wed Jun 08 19:44:00 2005 => Virus Database Date: 2005/06/06
Wed Jun 08 19:44:00 2005 => Virus Database Count: 133635

Wed Jun 08 19:44:11 2005 => **********************************************************
Wed Jun 08 19:44:11 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Wed Jun 08 19:44:11 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Wed Jun 08 19:44:11 2005 =>
Wed Jun 08 19:44:11 2005 => Support: support@mwti.net
Wed Jun 08 19:44:11 2005 => Web: http://www.mwti.net
Wed Jun 08 19:44:11 2005 => **********************************************************
Wed Jun 08 19:44:11 2005 => Version 6.4.1 (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mwavscan.com)
Wed Jun 08 19:44:11 2005 => Log File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MWAV.LOG
Wed Jun 08 19:44:11 2005 => User Account: Administrator
Wed Jun 08 19:44:11 2005 => Windows Root Folder: C:\WINDOWS
Wed Jun 08 19:44:11 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Wed Jun 08 19:44:11 2005 => OS: Windows NT
Wed Jun 08 19:44:11 2005 => Latest Date of files inside MWAV: 06 Jun 2005 14:07:13.

Wed Jun 08 19:44:11 2005 => Options Selected by User:
Wed Jun 08 19:44:11 2005 => Memory Check: Enabled
Wed Jun 08 19:44:11 2005 => Registry Check: Enabled
Wed Jun 08 19:44:11 2005 => StartUp Folder Check: Enabled
Wed Jun 08 19:44:11 2005 => System Folder Check: Enabled
Wed Jun 08 19:44:11 2005 => System Area Check: Disabled
Wed Jun 08 19:44:11 2005 => Services Check: Enabled
Wed Jun 08 19:44:11 2005 => Drive Check Option Disabled
Wed Jun 08 19:44:11 2005 => Folder Check: Disabled

Wed Jun 08 19:44:11 2005 => ***** Scanning Memory Files *****
Wed Jun 08 19:44:11 2005 => Scanning File C:\WINDOWS\System32\smss.exe
Wed Jun 08 19:44:11 2005 => Scanning File C:\WINDOWS\system32\ntdll.dll
Wed Jun 08 19:44:11 2005 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Wed Jun 08 19:44:11 2005 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Wed Jun 08 19:44:11 2005 => Scanning File C:\WINDOWS\system32\basesrv.dll
Wed Jun 08 19:44:11 2005 => Scanning File C:\WINDOWS\system32\winsrv.dll
Wed Jun 08 19:44:12 2005 => Scanning File C:\WINDOWS\system32\GDI32.dll
Wed Jun 08 19:44:12 2005 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Wed Jun 08 19:44:13 2005 => Scanning File C:\WINDOWS\system32\USER32.dll
Wed Jun 08 19:44:13 2005 => Scanning File C:\WINDOWS\system32\sxs.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\USERENV.dll
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Wed Jun 08 19:44:14 2005 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Wed Jun 08 19:44:15 2005 => Scanning File C:\WINDOWS\system32\Secur32.dll
Wed Jun 08 19:44:15 2005 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Wed Jun 08 19:44:15 2005 => Scanning File C:\WINDOWS\system32\VERSION.dll
Wed Jun 08 19:44:15 2005 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Wed Jun 08 19:44:15 2005 => Scanning File C:\WINDOWS\system32\WINTRUST.dll
Wed Jun 08 19:44:15 2005 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll
Wed Jun 08 19:44:16 2005 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Wed Jun 08 19:44:16 2005 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Wed Jun 08 19:44:16 2005 => Scanning File C:\WINDOWS\system32\MSGINA.dll
Wed Jun 08 19:44:16 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Wed Jun 08 19:44:16 2005 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\COMCTL32.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\ODBC32.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\odbcint.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\SHSVCS.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\sfc.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\sfc_os.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\ole32.dll
Wed Jun 08 19:44:17 2005 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\WINMM.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\cscdll.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\WinSCard.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\WTSAPI32.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\WINSPOOL.DRV
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\MPR.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\rsaenh.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\UxTheme.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\SAMLIB.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\cscui.dll
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL
Wed Jun 08 19:44:18 2005 => Scanning File C:\WINDOWS\system32\WLDAP32.dll
Wed Jun 08 19:44:19 2005 => Scanning File C:\WINDOWS\system32\COMRes.dll
Wed Jun 08 19:44:19 2005 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll
Wed Jun 08 19:44:19 2005 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL
Wed Jun 08 19:44:19 2005 => Scanning File C:\WINDOWS\system32\xpsp2res.dll
Wed Jun 08 19:44:20 2005 => Scanning File C:\WINDOWS\system32\services.exe
Wed Jun 08 19:44:20 2005 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Wed Jun 08 19:44:20 2005 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Wed Jun 08 19:44:20 2005 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Wed Jun 08 19:44:20 2005 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Wed Jun 08 19:44:20 2005 => Scanning File C:\WINDOWS\system32\ShimEng.dll
Wed Jun 08 19:44:20 2005 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL
Wed Jun 08 19:44:21 2005 => Scanning File C:\WINDOWS\system32\MSACM32.dll
Wed Jun 08 19:44:21 2005 => Scanning File C:\WINDOWS\system32\eventlog.dll
Wed Jun 08 19:44:21 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Jun 08 19:44:21 2005 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Wed Jun 08 19:44:21 2005 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Wed Jun 08 19:44:21 2005 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\msprivs.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\kerberos.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\msv1_0.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\iphlpapi.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\netlogon.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\w32time.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\schannel.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\wdigest.dll
Wed Jun 08 19:44:22 2005 => Scanning File C:\WINDOWS\system32\scecli.dll
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 19:44:23 2005 => Scanning File c:\windows\system32\rpcss.dll
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\system32\mswsock.dll
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\system32\hnetcfg.dll
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\System32\winrnr.dll
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\system32\rasadhlp.dll
Wed Jun 08 19:44:23 2005 => Scanning File c:\windows\system32\cryptsvc.dll
Wed Jun 08 19:44:23 2005 => Scanning File c:\windows\system32\certcli.dll
Wed Jun 08 19:44:23 2005 => Scanning File c:\windows\system32\ATL.DLL
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll
Wed Jun 08 19:44:23 2005 => Scanning File C:\WINDOWS\system32\WININET.dll
Wed Jun 08 19:44:23 2005 => Scanning File c:\windows\system32\ESENT.dll
Wed Jun 08 19:44:23 2005 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Wed Jun 08 19:44:24 2005 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Wed Jun 08 19:44:24 2005 => Scanning File c:\windows\system32\srsvc.dll
Wed Jun 08 19:44:24 2005 => Scanning File c:\windows\system32\POWRPROF.dll
Wed Jun 08 19:44:24 2005 => Scanning File c:\windows\pchealth\helpctr\binaries\pchsvc.dll
Wed Jun 08 19:44:24 2005 => Scanning File c:\windows\system32\dmserver.dll
Wed Jun 08 19:44:24 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemcore.dll
Wed Jun 08 19:44:24 2005 => Scanning File C:\WINDOWS\System32\wbem\esscli.dll
Wed Jun 08 19:44:24 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemcomn.dll
Wed Jun 08 19:44:24 2005 => Scanning File C:\WINDOWS\System32\wbem\FastProx.dll
Wed Jun 08 19:44:24 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiutils.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\System32\wbem\repdrvfs.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiprvsd.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemess.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\System32\wbem\ncprov.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemcons.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\Explorer.EXE
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll
Wed Jun 08 19:44:25 2005 => Scanning File C:\WINDOWS\System32\themeui.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\System32\MSIMG32.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\LINKINFO.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\rtutils.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\credui.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\MSVCP71.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\MSVCR71.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Wed Jun 08 19:44:26 2005 => Scanning File C:\DOCUME~1\Jon\MYDOCU~1\MYRECE~1\SECURI~1\context.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\DOCUME~1\Jon\MYDOCU~1\MYRECE~1\SECURI~1\lang.dll
Wed Jun 08 19:44:26 2005 => Scanning File C:\WINDOWS\system32\msi.dll
Wed Jun 08 19:44:27 2005 => Scanning File C:\PROGRA~1\MIAF83~1\SHELLE~1.DLL
Wed Jun 08 19:44:27 2005 => Scanning File C:\DOCUME~1\Jon\MYDOCU~1\MYRECE~1\SECURI~1\SHELLH~1.DLL
Wed Jun 08 19:44:27 2005 => Scanning File C:\WINDOWS\system32\browselc.dll
Wed Jun 08 19:44:27 2005 => Scanning File C:\WINDOWS\system32\urlmon.dll
Wed Jun 08 19:44:27 2005 => Scanning File C:\PROGRA~1\MICROS~2\Office10\msohev.dll
Wed Jun 08 19:44:27 2005 => Scanning File C:\WINDOWS\system32\shdoclc.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\drprov.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\ntlanman.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\NETUI0.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\NETUI1.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\NETRAP.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\davclnt.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\system32\MLANG.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\sendmail.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\mydocs.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\System32\shgina.dll
Wed Jun 08 19:44:28 2005 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Wed Jun 08 19:44:29 2005 => Scanning File C:\WINDOWS\system32\WMVCore.DLL
Wed Jun 08 19:44:29 2005 => Scanning File C:\WINDOWS\system32\WMASF.DLL
Wed Jun 08 19:44:29 2005 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Jun 08 19:44:29 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
Wed Jun 08 19:44:29 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mwavscan.com
Wed Jun 08 19:44:29 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msvlclnt.dll
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavssdi.dll
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavssd.dll
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavssi.dll
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ipc.dll
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RICHED32.DLL
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PSAPI.DLL
Wed Jun 08 19:44:30 2005 => Scanning File C:\WINDOWS\system32\VDMDBG.DLL
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavss.exe
Wed Jun 08 19:44:30 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavss.dll

Wed Jun 08 19:44:30 2005 => ***** Scanning Registry Files *****

Wed Jun 08 19:44:30 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Wed Jun 08 19:44:30 2005 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8252 kb > 3072 kb...
Wed Jun 08 19:44:30 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Jun 08 19:44:30 2005 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8252 kb > 3072 kb...
Wed Jun 08 19:44:30 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Jun 08 19:44:30 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:30 2005 => Scanning File C:\WINDOWS\System32\stobject.dll

Wed Jun 08 19:44:30 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Wed Jun 08 19:44:30 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Wed Jun 08 19:44:30 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Wed Jun 08 19:44:30 2005 => Scanning File C:\PROGRA~1\MSNAPP~1\MSNTOO~1\010240~1.100\en-au\msntb.dll

Wed Jun 08 19:44:30 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Wed Jun 08 19:44:30 2005 => {53707962-6F74-2D53-2644-206D7942484F} = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Wed Jun 08 19:44:30 2005 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Wed Jun 08 19:44:31 2005 => {9394EDE7-C8B5-483E-8773-474BF36AF6E4} = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\PROGRA~1\MSNAPP~1\ST\010300~1.100\en-xu\stmain.dll
Wed Jun 08 19:44:31 2005 => {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\PROGRA~1\MSNAPP~1\MSNTOO~1\010240~1.100\en-au\msntb.dll

Wed Jun 08 19:44:31 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\System32\browseui.dll

Wed Jun 08 19:44:31 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\mmsys.cpl
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\icmui.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\rshx32.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\docprop.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\System32\themeui.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\deskadp.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\deskmon.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\dssec.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\SlayerXP.dll
Wed Jun 08 19:44:31 2005 => Scanning File C:\WINDOWS\system32\shscrap.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\system32\diskcopy.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\system32\ntlanui2.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\System32\icmui.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\system32\icmui.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\system32\printui.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\system32\dskquoui.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\system32\syncui.dll
Wed Jun 08 19:44:32 2005 => Scanning File C:\WINDOWS\System32\hticons.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\fontext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\icmui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\rshx32.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\deskperf.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\cryptext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\cryptext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\remotepg.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\wshext.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\PROGRA~1\COMMON~1\System\OLEDB~1\oledb32.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\mstask.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\mstask.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\mstask.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:33 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\sendmail.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\sendmail.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\occache.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shimgvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shimgvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shimgvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shimgvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shimgvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\shimgvw.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\cdfview.dll
Wed Jun 08 19:44:34 2005 => Scanning File C:\WINDOWS\System32\cdfview.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\cdfview.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\cdfview.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\cdfview.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\msieftp.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\dsuiext.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\dsuiext.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\mydocs.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\mydocs.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\mydocs.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\cscui.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\cscui.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\cscui.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\msagent\agentpsh.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\dfsshlex.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\photowiz.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\System32\mmcshext.dll
Wed Jun 08 19:44:35 2005 => Scanning File C:\WINDOWS\system32\cabview.dll
Wed Jun 08 19:44:36 2005 => Scanning File C:\PROGRA~1\OUTLOO~1\wabfind.dll
Wed Jun 08 19:44:36 2005 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Wed Jun 08 19:44:36 2005 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Wed Jun 08 19:44:36 2005 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Wed Jun 08 19:44:36 2005 => Scanning File C:\WINDOWS\System32\mscoree.dll
Wed Jun 08 19:44:37 2005 => Scanning File C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll
Wed Jun 08 19:44:37 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Wed Jun 08 19:44:37 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Wed Jun 08 19:44:37 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Wed Jun 08 19:44:37 2005 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Wed Jun 08 19:44:38 2005 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Wed Jun 08 19:44:40 2005 => Scanning File C:\PROGRA~1\MICROS~2\Office10\OLKFSTUB.DLL
Wed Jun 08 19:44:41 2005 => Scanning File C:\PROGRA~1\MICROS~2\Office10\msohev.dll
Wed Jun 08 19:44:41 2005 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl
Wed Jun 08 19:44:42 2005 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Jun 08 19:44:42 2005 => Scanning File C:\WINDOWS\System32\twext.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\WINDOWS\System32\twext.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\WINDOWS\System32\extmgr.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\PROGRA~1\MICROS~2\Office\soa800.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll
Wed Jun 08 19:44:43 2005 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.DLL

Wed Jun 08 19:44:43 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Wed Jun 08 19:44:43 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Wed Jun 08 19:44:43 2005 => Scanning File C:\WINDOWS\Explorer.exe
Wed Jun 08 19:44:43 2005 => Scanning File C:\WINDOWS\system32\userinit.exe
Wed Jun 08 19:44:43 2005 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\fdeploy.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\dskquota.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\scecli.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\scecli.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\appmgmts.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\crypt32.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\cryptnet.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\cscdll.dll
Wed Jun 08 19:44:44 2005 => Scanning File C:\WINDOWS\system32\igfxsrvc.dll
Wed Jun 08 19:44:45 2005 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Wed Jun 08 19:44:45 2005 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Wed Jun 08 19:44:45 2005 => Scanning File C:\WINDOWS\system32\sclgntfy.dll
Wed Jun 08 19:44:45 2005 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Wed Jun 08 19:44:45 2005 => Scanning File C:\WINDOWS\system32\wlnotify.dll

#8
Guest_thatman_*

Hi suecal

Your HJT.log is clean; no viruses are present.
How is the system running now?

Kc :tazz:

#9
suecal

Hi, thanks for all that help, but it is still incredibly slow, just to get it started. Once you have programs running it seems to work OK, not great, but just to open user and then any program takes forever. :tazz:

#10
Guest_thatman_*

Hi suecal

I need a HJT.log scanned in normal mode, not from safe mode.

A HJT.log run from normal mode will show all the programs running from start up.

Thanks

Kc :tazz:

#11
suecal

;) Thanks so much for all your help so far :tazz: you rock. Here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 10:12:29 PM, on 09/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoctrl.exe
C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jon\My Documents\My Received Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://raidersohyeah...d.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://raidersohyeah...d.com/index.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.24...va/cfs40320.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093052610960
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.co...outLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Jon\My Documents\My Received Files\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#12
Guest_thatman_*

Hi suecal

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Having two anti-virus programs running is a resource hog. Uninstall one of the virus programs:
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <-- not needed at start up, can be started manually
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <-- not needed at start up, resource hog
Click on Fix Checked when finished and exit HijackThis.


Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0
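The startup review in post #12 (which programs launch with Windows, and whether more than one anti-virus product is among them) can be scripted against a HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the function names and the `AV_KEYWORDS` list are assumptions, and the sample lines are copied from the log in post #11.

```python
import re

# Sample lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# O4 - Global Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# O23 - Service: name - vendor - path (the path must start with a drive letter)
SERVICE_RE = re.compile(r'^O23 - Service: (.+) - (.+?) - ("?[A-Za-z]:\\.+)$')
# Executable part of a command line, with or without quotes and arguments.
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr))', re.I)

# Assumption: keywords that identify anti-virus products; extend as needed.
AV_KEYWORDS = {"AVG": ("grisoft", "avg7"), "McAfee": ("mcafee",)}

def parse_autostarts(log):
    """Return one dict per O4 (startup) and O23 (service) line."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, key, name, cmd = m.groups()
            source = f"{hive}\\{key}"
        elif m := STARTUP_RE.match(line):
            source, name, cmd = m.groups()
        elif m := SERVICE_RE.match(line):
            name, _vendor, cmd = m.groups()
            source = "Service"
        else:
            continue  # other sections (R0, O2, O16, ...) are not autostarts
        img = IMAGE_RE.match(cmd)
        path = img.group(1) if img else cmd
        entries.append({"source": source, "name": name, "command": cmd,
                        "image": path.rsplit("\\", 1)[-1],
                        "full_path": "\\" in path})
    return entries

def av_products(entries):
    """Map each anti-virus product to the autostart images that belong to it."""
    found = {}
    for e in entries:
        text = (e["name"] + " " + e["command"]).lower()
        for product, words in AV_KEYWORDS.items():
            if any(w in text for w in words):
                found.setdefault(product, []).append(e["image"])
    return found

if __name__ == "__main__":
    entries = parse_autostarts(SAMPLE_LOG)
    for e in entries:
        note = "" if e["full_path"] else "  (no path given, check where it resolves)"
        print(f'{e["source"]:<16} {e["image"]:<14} {e["name"]}{note}')
    if len(av := av_products(entries)) > 1:
        print("More than one anti-virus product starts automatically:", av)
```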

#13
suecal

:tazz:
Hi, Well I did the removal of file, did Hijack this and then when I was running the Virus scan, during it the screen went into DOS mode and said something about an error, and did a Physical Dump and to restart.
I tried to restart the laptop but it comes up with the Toshiba screen, then goes to black screen with only a cursor and it is rather noisy.
I do hope this does not mean that it 'crashed'
;)

Hope you can help me,
Sue

#14
Guest_thatman_*

Hi suecal

Please post in this part of the forum; there are a lot of very good helpers there.
http://www.geekstogo...pherals-f9.html
You were having a problem with the system being slow; it sounds like a hardware problem you have.
This is the link to this topic you are viewing now: http://www.geekstogo...04

I will leave this topic open for you.

Kc :tazz:

#15
Guest_thatman_*

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.