BleepingComputer.com > Can't Open Drives With Mouse

Full Version: Can't Open Drives With Mouse

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Arshad Parvez

Feb 11 2007, 04:43 AM

Hello,

I have Windows XP professional. Otherwise working fine, the system has one problem. When drive letters are double clicked the "Open With" dialog box opens up. If I try to right-click on the drive letter or icon, instead of "Open" and "Explore" entries for the drive, some weird characters appear in the shortcut menu. In case one selectes these characters, again "Open With" dialog opos up.

I am also sending hijackthis log file.

Please help restore drive open functions in my pc.

====
Logfile of HijackThis v1.99.1
Scan saved at 1:51:58 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

===================

DaveM59

Feb 24 2007, 02:38 PM

Hi Arshad Parvez,

Welcome to Bleeping Computer.

Sorry for the delay, this forum is very busy right now.

You are running two antivirus scanners. This does not make you safer, and can actually cause system instability as the two programs "fight with each other" over access to files.

You need to remove one of your AV programs. Both Avast and Avira are very good, so I cannot advise you about which one you should keep. It comes down to which you find easier to use.

To remove one of the programs, click Start, Control Panel then double click Add or Remove Programs. When the list is populated, scroll down to the program you have chosen to remove, select it, then click Change/Remove and follow the prompts.

Besides the two antivirus programs, I see one line in your log that looks very suspicious.

O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE

This should be the Microsoft Debug Manager, which is a program that is used for remote debugging. If this is installed on your computer deliberately, and you know what it is used for, then please tell me about it.

From Microsoft's information, your MDM.EXE is not in the right folder. It is likely to be malware.

Please submit the file to Virustotal.

Near the top of the webpage there is a white text box with a Browse button, just click it and navigate to the file, select it, click Open, then back on the web page, click Send.

Virustotal puts the file in a queue and will estimate how long it should take before your file is analyzed. During the analysis you will see the report grow as the file is scanned by each of the programs.

To save the report, highlight the relevant block of text on the web page, then press <Ctrl> - C. Open Notepad and press <Ctrl> - V. Give the file a catchy name like Virustotal.txt and save it to your desktop. I need to see it.

If any of the Virustotal scans shows this as malware, or even as suspicious, you will need to fix the entry in HijackThis and delete the file. Here is how to do that:

Open HijackThis and run a scan, then place a check next to that line:

O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE

Then, close all other windows on your desktop, and make sure no other programs are running in your taskbar. Then click Fix Checked.

Now, print out the rest of these instructions, as we will be going into Safe Mode, with no internet access.

Next, reboot into safe mode:

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a menu.
When you have the menu on the screen. Use the arrow keys to move to the line that says Safe Mode.
Then press <Enter> on your keyboard to boot into Safe Mode.

Navigate to the folder C:\Windows and delete the file MDM.EXE. If you cannot open Explorer, then Click Start, Run and type cmd. A DOS window will open with a command prompt ending with a >. Type in the following:

del c:\windows\mdm.exe <--note the space between del and C

And press <Enter>.

If the file deletes another command prompt will appear. If not, you will see an error message. Please write down that error message and put it in your next reply.

Then reboot your computer. It should boot into normal mode automatically.

Please run a fresh HijackThis scan and post that log, as well as the virustotal report, to a reply here. Also please tell me whether you were able to fix that line and delete the file, and how the computer is running now.

Dave

Arshad Parvez

Mar 7 2007, 12:14 AM

Hello,

Thanks for response.

I could not locate C:Windows\MDM.exe. I even checked "Show hidden files and folders" and unchecked "Hide protected operating system files" but the file could not be explored with explorer. However, I fixed the entry in Hijackthis (and it was removed from the registry). Also, to my astonishment, once I tried to delete C:\Windows\MDM.exe from Safe Mode (Command Prompt), it did delete successfully! Alas, I was so sure that the file wasn't there, I didnt even try to dir/copy it before deletion.

Meanwhile I have managed to put right my actual problem. I had manipulated some registry entried in HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden.

I also found a .reg file named "viewfolderrestore.reg" which restored my related regstry settings to default.

I am still wondering how the file "MDM.exe" was hidden from the explorer. Can you please enlighten me on that?

By the way, I couldn't send my file to "Virustotal" ppl, as I had deleted the file without making any copy.

ArshadParvez

DaveM59

Mar 7 2007, 02:08 PM

Hi again Arshad Parvez,

Thank you for getting back to me with your report. And congratulations on solving your own problem! I will remember your reg file (I assume you downloaded it from Kelly's Korner?) if I run across another person with this issue.

It is pretty common for malware to hide itself from the Windows API (application programming interface). I am no programmer, so I can't give a clear technical explanation, but my understanding is that the Windows API is designed so that it can be "hooked" by third party programs. They can then filter the data stream so that certain things are not shown. There are other techniques that can be used also.

The fact that that file was hidden from Explorer only increases my suspicion that it was malware.

For that reason, I think it would be worthwhile to run a couple of scans. There may be other malware files and/or registry entries that would not be shown by HijackThis.

Install AVG-Antispyware:

This page

Download Now

AVGAS

Next

I Agree

Next

Install

Finish

AVG-AS 7.5

Last Update ! Never

Update Now

Scanner

Settings

select

Automatically produce a report after every scan

Uncheck

Only if threats were found

Recommended Actions

Quarantine

Do not run a scan yet

Instead, reboot into safe mode (graphic interface, without networking).

Once in Safe Mode, scan with AVG AntiSpyware:

AVG-AS 7.5

Scan

Complete System Scan

Apply All Actions

Save Report

Save Report As

Report save as...

Reboot into Normal Mode.

Please perform this online scan: Kaspersky Webscan
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"

Post the Kaspersky scan results in your next reply, along with the AVG Antispyware report and a new Hijackthis log.

Arshad Parvez

Mar 13 2007, 03:46 AM

Hello DaveM59,

Thanks a lot for your reply. I have scanned my computer as you had desired. Two of the drives were found to have malware by Kasperski (which I have removed with avast).

Here are the logs from AVGSpyware, Kasperski and HijackThis in the same order:

As you would notice that MDM.exe was found by AVG in E:\virus --- I had found it on some other computer and copied here for virustotal. They reported it as virus. However, most of their results were same as AVG result (found below).

By the way, much problem occured only because AVAST was not set to download updates automatically and wasnt really updated. The two instances, left by AVG and found by by Kasperski (marked with CRAZY icon) were detected by updated AVAST and have been cleaned.

I do not really understand why some objects were locked when kasperski was scanning as no programs were being run nor were some explorer windows open (except FreeCell).

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:19:31 AM 3/13/2007

+ Scan result:

F:\Downloads\PEBuilder\Plugins\sysinttools.cab/Files\psexec.exe -> Not-A-Virus.NetTool.Win32.RemoteStartProcess.a : Cleaned.
:mozilla.327:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.426:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.437:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.589:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@acronis.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@msnaccountservices.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Others\Cookies\others@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.16:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.18:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.340:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.341:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.342:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Others\Cookies\others@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Others\Cookies\others@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.58:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Others\Cookies\others@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Others\Cookies\others@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Others\Cookies\others@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Others\Cookies\others@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ads.guardian.co[1].txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.113:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Others\Cookies\others@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.160:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Others\Cookies\others@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@e-2dj6wgkiuocjmkq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@e-2dj6wglisgc5ggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@e-2dj6wgmywpcjwgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@e-2dj6wjlyspcjcdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.385:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.540:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Others\Cookies\others@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.345:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.346:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.273:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.317:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.343:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.344:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.403:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.415:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.429:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.448:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.470:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.601:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg-fluorcorp.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg-ittoolbox.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg-moma.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg-superwarehouse.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg-theheritagefoundation.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg-wssuk.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.287:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.453:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.284:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.582:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.337:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Others\Cookies\others@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.546:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.551:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.552:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.553:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Others\Cookies\others@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.514:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.515:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.386:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.387:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.528:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.288:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.289:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.290:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.291:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.292:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.293:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.294:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.369:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.370:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.371:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.372:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.373:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.156:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.111:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.226:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.227:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.264:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.69:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Others\Cookies\others@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.180:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.73:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Others\Cookies\others@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.32:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.302:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.303:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.307:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.579:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.580:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.581:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.72:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.19:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.230:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.231:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.235:C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Arshad\Cookies\arshad@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0090234.exe -> Trojan.Agent.abt : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0090235.EXE -> Trojan.Agent.abt : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP107\A0098465.exe -> Trojan.Agent.abt : Cleaned.
C:\WINDOWS\SVCHOST.EXE -> Trojan.Agent.abt : Cleaned.
D:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0090236.exe -> Trojan.Agent.abt : Cleaned.
D:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP107\A0098463.exe -> Trojan.Agent.abt : Cleaned.
E:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0090237.exe -> Trojan.Agent.abt : Cleaned.
E:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP107\A0098459.exe -> Trojan.Agent.abt : Cleaned.
F:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0090238.exe -> Trojan.Agent.abt : Cleaned.
F:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP107\A0098461.exe -> Trojan.Agent.abt : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP100\A0087199.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP100\A0087212.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP100\A0088211.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0088231.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0089229.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP101\A0090229.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP107\A0095460.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP107\A0097454.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP83\A0084763.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP84\A0084802.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP84\A0084887.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP85\A0084888.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP85\A0084904.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP86\A0085907.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP87\A0085920.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP88\A0085923.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP88\A0085938.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP89\A0085941.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP91\A0086059.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP92\A0087044.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP93\A0087054.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP93\A0087077.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP94\A0087078.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP94\A0087096.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP95\A0087101.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP96\A0087111.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP96\A0087133.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP97\A0087139.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP98\A0087156.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP99\A0087181.EXE -> Trojan.Agent.aei : Cleaned.
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP99\A0087192.EXE -> Trojan.Agent.aei : Cleaned.
E:\virus\MDM.EXE -> Trojan.Agent.aei : Cleaned.

::Report end

-------------------------

KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 13, 2007 12:40:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/03/2007
Kaspersky Anti-Virus database records: 265101
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 42191
Number of viruses found 2
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:30:53

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\cert8.db Object is locked skipped
C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\history.dat Object is locked skipped
C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\key3.db Object is locked skipped
C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\parent.lock Object is locked skipped
C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Arshad\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Arshad\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yrtga7j.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Temp\Free Download Manager\tic9.tmp Object is locked skipped
C:\Documents and Settings\Arshad\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arshad\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Arshad\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP108\A0100466.EXE Infected: Trojan.Win32.Agent.abt skipped

C:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP108\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_ec.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{7DBE98D2-8E71-41BC-868C-978576CA2811}\RP108\A0100465.EXE Infected: Trojan.Win32.Agent.aei skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

-----------

Logfile of HijackThis v1.99.1
Scan saved at 1:18:10 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\ITEDC MCS\Map Security System Client\SYSTEM_TRAY.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 100% Free Spades Toolbar Helper - {3EBD3651-4CCA-4656-9F98-BAB4B72C6031} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.5\100%_Free_Spades_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: 100% Free Spades Toolbar - {00490D79-3A7F-4c8a-9E04-2BC1D89676F1} - C:\Program Files\100% Free Spades Toolbar\v2.0.0.5\100%_Free_Spades_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSS Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Thanks again:

DaveM59

Mar 13 2007, 07:17 PM

Hi again Arshad Parvez,

Your logs are clean.

The only malware Kaspersky found was in your System Restore files. It's fine that you cleaned them with Avast, but they could only infect your system if you used Windows system restore to repair your system. The many locked files are normal -- Kaspersky is very thorough, it attempts to scan every file it finds and it tells you about every file that it cannot scan. Many programs, including Windows itself, lock some files so that no other program can tamper with them. Windows also locks all files when they are in use -- that is what you are thinking of, it attempts to assure that you cannot crash a program by deleting a file it is holding open. But that sort of locking is temporary. The locked files Kaspersky finds are permanently locked.

There is just some housekeeping left to take care of.

You need to update your Java. Earlier versions have serious security vulnerabilities. Click Start, Control Panel, then double click Add/Remove Programs. When the list is populated look for any and all entries starting with J2SE or JRE with the little Java icon (a coffee cup). Remove them all, one by one. Then open your browser and go to this web page to get the latest version. Scroll dow to the middle of the page where you will find Java Runtime Environment (JRE) 6. Click Download which will take you to the secure download page. At the top, select the Accept License Agreement button. Then look to the first block for the J2SE downloads for the Windows Platform. You can choose either the Online or Offline installation version; unless you have several computers you need to upgrade, I suggest the Online version.

Download the file to your desktop, make sure your browser is closed, then double click the icon to begin installation.

If you have trouble with the Online installation, you can download the big Offline file and install it with your browser closed.

Next, let's get rid of temporary files and folders:

Get ATF Cleaner here . It does not require installation, just download it to your desktop.
Double-click the ATFCleaner icon on your desktop to launch the program. For this first run, check the select all box on the main page, then click Empty selected. Then, if you use Firefox or Opera, click on the appropriate tab and repeat the same drill.

Now you need to Flush your System Restore files and set a clean restore point. For the procedure I refer you to this tutorial:

http://www.bleepingcomputer.com/tutorials/tutorial56.html

Finally, please read and implement the recommendations found here.

http://www.bleepingcomputer.com/tutorials/tutorial82.html

Good luck,

Dave

Arshad Parvez

Mar 15 2007, 04:06 AM

Hello DaveM59;

All actions completed. All precautions taken.

Thanks a lot for your such indulgent help - so rare on the net. I am really impressed - and obliged.

You have just won another fan of bleepingcomputers and am myself planning to give few hours of my day to the forum in whatever way I may be of help to someone "cornered" as I was.

Thanks again and bye

ArshadParvez

DaveM59

Mar 15 2007, 09:47 AM

Hello again,

Thank you for your kind words. I am glad I was able to help you remove that trojan.

In turn, I have to say that you are one of the most knowledgeable people I have had the privilege of working with. As I said earlier, I learned something from this topic as well! Feel free to browse and see what forums you would like to "hang around" in. Except for this one (HijackThis Logs and Analysis), you are welcome to make suggestions and answer questions in any of the forums here.

Good luck and a large thank you for your interest in helping others. And again, welcome to Bleeping Computer!

Dave

DaveM59

Mar 19 2007, 07:52 PM

Since it appears to be resolved, this topic is now closed. If you want it re-opened, please PM a moderator and put the url in your request. This applies to the original poster only. Everyone else please start a new topic.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.