I've searched your forums but haven't quite found the same issue I have, so here it goes: Avast is detecting loads of trojans from C:/documents and settings/daved/local settings/temp, which I can't find if I explore my hard drive, only if I search for it (which is probably normal). I get at least 5 a day and they're all called something like exmodul54.exe or 90hdd.6. (Since these are all in the temp folder I'm wondering if I can just delete it all, but there are hundreds of files there and I don't want to do something stupid.) I've run Ad-Aware and Spybot (they detected nothing) but all my friends discouraged me from any online scan. I've run loads of scans with Avast and they get nothing. (Avast seems to catch them after they activate or something.) Which leads me to my second question. From what I've read on your forums Avast isn't any of your preferred choices; it updates automatically but I'm not sure if I should trust it with catching 100% of my trojans. Should I run HijackThis and post results? How do I know if any damage has been done to my comp? Any help would be great. It gets kind of embarrassing deleting 5 trojans back to back with someone sitting next to you.
I'll look into online scanners. Here's the log file:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:16 PM, on 9/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Documents and Settings\Daved\Desktop\Winzip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Daved\LOCALS~1\Temp\45exmodul32d.5.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Daved\Desktop\Installation Programs\HijackThis_v1.99.1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Daved\Desktop\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Hello Magova, I don't see the "90hdd.6", but "45exmodul32d.5.exe" is running. Let's see if Kaspersky can find it.

First, go here and download KillBox.

Note: print these instructions or copy them to Notepad and save it; you will be in safe mode and can't access the internet.

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from the menu and press Enter). Open Killbox.exe. Check "Standard File Kill". In the "Full Path of File to Delete" box, copy and paste each of the following lines below [bold]one at a time[/bold]. Then click the red button with a white X after you enter each file. You will be prompted to confirm; click Yes.

[bold]C:\DOCUME~1\Daved\LOCALS~1\Temp\45exmodul32d.5.exe[/bold]

Close KillBox and open Ewido. Run a complete system scan. When it finishes, if anything is found set all items to quarantine. Click "Apply all actions". Click "Save report" (save it to the desktop). Close Ewido and restart in normal mode.

Go here and run Kaspersky Online Scanner. When it finishes, save the log.

Post back with a new HijackThis log, the Ewido report and the Kaspersky log.
Hi Niobis, these are my new HijackThis log file, Ewido log file, and Kaspersky log file respectively:

Logfile of HijackThis v1.99.1
Scan saved at 7:36:33 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Documents and Settings\Daved\Desktop\Winzip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Daved\LOCALS~1\Temp\16exmodul32d.5.exe
C:\Documents and Settings\Daved\Desktop\HijackThis_v1.99.1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Daved\Desktop\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159231534468
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

My Ewido log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:30:06 PM 9/26/2006

+ Scan result:

C:\Documents and Settings\Daved\Cookies\daved@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Daved\Cookies\daved@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Daved\Cookies\daved@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Daved\Cookies\daved@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

::Report end

And my Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 26, 2006 7:32:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/09/2006
Kaspersky Anti-Virus database records: 213460
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 52731
Number of viruses found: 5
Number of infected objects: 20 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:08:48

Infected Object Name / Virus Name / Last Action
C:\!KillBox\45exmodul32d.5 Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Temp\15exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\24exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\28exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\35exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\3exssd32.6.exe Infected: Trojan-Proxy.Win32.Horst.jc skipped
C:\Documents and Settings\Daved\Local Settings\Temp\50exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\54exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\65exssd32.6.exe Infected: Trojan-Proxy.Win32.Horst.jc skipped
C:\Documents and Settings\Daved\Local Settings\Temp\84exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\85exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\94exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\97exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\98exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\setup.exe Infected: Trojan-Proxy.Win32.Horst.jy skipped
C:\Documents and Settings\Daved\Local Settings\Temp\~DF88B7.tmp Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Temp\~DFD6E6.tmp Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Temp\~DFEA65.tmp Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daved\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Daved\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP112\A0031187.exe Infected: Backdoor.Win32.Agent.aay skipped
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034073.exe Infected: Backdoor.Win32.Agent.aay skipped
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034074.exe Infected: Backdoor.Win32.Agent.aay skipped
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034075.exe Infected: Backdoor.Win32.Agent.aay skipped
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP145\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system\smss.exe Infected: Trojan-Proxy.Win32.Horst.jf skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd0749.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_648.dat Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
More infection than I thought.

Note: print these instructions or copy them to Notepad and save it; you will be in safe mode and can't access the internet.

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from the menu and press Enter). Open Killbox.exe. Check "Standard File Kill". In the "Full Path of File to Delete" box, copy and paste each of the following lines below [bold]one at a time[/bold]. Then click the red button with a white X after you enter each file. You will be prompted to confirm; click Yes.

[bold]C:\Documents and Settings\Daved\Local Settings\Temp\15exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\24exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\28exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\35exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\3exssd32.6.exe
C:\Documents and Settings\Daved\Local Settings\Temp\50exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\54exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\65exssd32.6.exe
C:\Documents and Settings\Daved\Local Settings\Temp\84exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\85exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\94exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\97exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\98exmodul32d.5.exe
C:\Documents and Settings\Daved\Local Settings\Temp\setup.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP112\A0031187.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034073.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034074.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034075.exe
C:\WINDOWS\system\smss.exe[/bold]

Note: KillBox may prompt that the file does not exist. In this case, just continue with the next file. Please do not miss any.

Restart in normal mode. Go to C:\!KillBox and delete [bold]everything[/bold] in that folder.

Then, go here and run ActiveScan. When it finishes, save the results and post them here.
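The kill list in the reply above was assembled by hand from the Kaspersky report: every object the scanner reported as "Infected" and "skipped". The script below is an added example, not part of the thread or of any of the tools named in it. It parses a constructed excerpt of that report format into a kill list grouped by location (user Temp, System Restore points, the KillBox quarantine folder), and separately checks HijackThis O4 Run-key entries for a core Windows binary name launched from the wrong directory. The second check is motivated by the `[.nvsvc] C:\WINDOWS\system\smss.exe /w` entry in both HijackThis logs: on Windows XP the real smss.exe lives in C:\WINDOWS\System32 and is started by the kernel, never from a Run key, and Kaspersky flagged the copy in C:\WINDOWS\system as Trojan-Proxy.Win32.Horst.jf. The report excerpt and the three O4 lines are constructed from lines in the thread; the function and constant names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in the Kaspersky Online Scanner report format seen in the thread.
KAV_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\!KillBox\45exmodul32d.5 Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Daved\Local Settings\Temp\15exmodul32d.5.exe Infected: Trojan-Proxy.Win32.Horst.jx skipped
C:\Documents and Settings\Daved\Local Settings\Temp\3exssd32.6.exe Infected: Trojan-Proxy.Win32.Horst.jc skipped
C:\Documents and Settings\Daved\Local Settings\Temp\setup.exe Infected: Trojan-Proxy.Win32.Horst.jy skipped
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP112\A0031187.exe Infected: Backdoor.Win32.Agent.aay skipped
C:\WINDOWS\system\smss.exe Infected: Trojan-Proxy.Win32.Horst.jf skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# Paths contain spaces, so match lazily up to the literal " Infected: " marker.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")


def parse_infected(report):
    """Return (path, detection_name, last_action) for each 'Infected' line; locked objects are ignored."""
    hits = []
    for line in report.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"], m["action"]))
    return hits


def classify(path):
    """Bucket a path by where the scanner found it; the buckets need different handling."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # System Restore snapshot of an earlier infected file
    if "\\local settings\\temp\\" in p:
        return "user-temp"          # dropped copies in the user's Temp folder
    if "\\!killbox\\" in p:
        return "killbox-quarantine" # already moved there by KillBox; delete the folder
    return "other"


def kill_list(report):
    """Sorted list of every infected object the scanner only 'skipped' (i.e. left on disk)."""
    return sorted({path for path, _, action in parse_infected(report) if action == "skipped"})


def kill_list_by_location(report):
    groups = defaultdict(list)
    for path in kill_list(report):
        groups[classify(path)].append(path)
    return dict(groups)


def by_family(report):
    """Detection name -> paths, to see how many distinct families are present."""
    fam = defaultdict(list)
    for path, name, _ in parse_infected(report):
        fam[name].append(path)
    return dict(fam)


# Constructed O4 lines, copied from the HijackThis logs in the thread.
HJT_O4 = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")

# Core Windows XP process names and the one directory they legitimately live in.
# None of them is ever started from a Run key, so any O4 hit on these names is suspect.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}


def suspicious_run_entries(entries):
    """(run key name, exe path, expected directory) for Run entries that launch a core binary name."""
    flagged = []
    for entry in entries:
        m = O4_RE.match(entry)
        if not m:
            continue
        cmd = m["cmd"].strip()
        if cmd.startswith('"'):
            exe = cmd[1:cmd.index('"', 1)]            # quoted path, arguments follow the quote
        else:
            exe = re.split(r" [/-]", cmd)[0]          # unquoted path, arguments start with " /" or " -"
        name = exe.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARIES:
            flagged.append((m["key"], exe, SYSTEM_BINARIES[name]))
    return flagged


if __name__ == "__main__":
    for location, paths in kill_list_by_location(KAV_REPORT).items():
        print(location)
        for p in paths:
            print("  ", p)
    for key, exe, expected in suspicious_run_entries(HJT_O4):
        print(f"Run key [{key}] launches {exe}; a real {exe.rsplit(chr(92), 1)[-1]} lives in {expected} and is not started from Run")
```

The restore-point bucket is why the reply tells the poster to expect "file does not exist" prompts: System Restore rewrites those A00xxxxx.exe names as snapshots come and go, so a path copied from a scan log may already be gone by the time KillBox runs.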
Yeah, loads of trojan horses, no joke. But I had a few problems following your instructions. I was only able to delete these files:

C:\Documents and Settings\Daved\Local Settings\Temp\35exmodul32d.5.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP112\A0031187.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034073.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034074.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP144\A0034075.exe
C:\WINDOWS\system\smss.exe

and all the other 13 told me "file does not seem to exist". I did what you said, went to C:/Killbox and deleted everything. But when I tried the Panda ActiveScan thing it got to about 45% and then Avast said this:

A Virus Was Found! There is no reason to worry, though. avast! has stopped the malware before it could enter your computer. When you click on the "Abort connection" button, the download of the dangerous file will be canceled.
File name: http://acs.pandasoftware.com/activescan/as5free/motor.cab\pska
Malware name: Win32:CTX
Malware type: Virus/Worm
VPS version: 0639-3, 09/27/2006

I saved the picture and I'd post it but I don't know how. Anyway, I tried it again after that and had the same problem. Avast doesn't even give me the option to ignore it like it does with other viruses.
I was hoping we could have avoided this, but it looks like not. You're going to have to change your antivirus temporarily. Please be patient as this may take longer than normal.

Go here and download the 30 day trial of NOD32 Antivirus. Uninstall Avast via Add/Remove Programs. Restart. Install NOD32 (you may have to restart again). Double click the system tray icon to open NOD32. Click NOD32 from the menu. Click In-depth analysis. After scanning, click Logs from the menu. Click Threat log and save it. Post the log in your next reply.

Then, try running ActiveScan again. If it finishes, save the results and post them also.
Did what you said. To run NOD32, however, Google Desktop gave me conflict problems with NOD32. It told me I must uninstall one of the two; no problem though, I just uninstalled Google Desktop. Also, I did something wrong with the NOD32 scanner log: I had the settings on 'prompt for action', so everything it detected I deleted, and I presume this is why I didn't find anything in the threat log afterward, but I saved the scanner log. ActiveScan worked this time but I don't understand why Avast was detecting a virus previously. If it really was detecting it then how does changing scanners fix that? Sounds like an unsafe scan site, but I posted the log, following the NOD32 log:

Scan performed at: 9/27/2006 18:21:54 PM

Scanning Log
NOD32 version 1.1773 (20060925) NT
Operating memory - error opening [4]
Operating memory - is OK
Date: 27.9.2006 Time: 18:21:58
Scanned disks, folders and files: C:; F:
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip »ZIP »sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip »ZIP »sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip »ZIP »sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip »ZIP »sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip »ZIP »sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv.zip »ZIP »nvsvcd.exe - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv.zip »ZIP »sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv1.zip »ZIP »sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv1.zip »ZIP »sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv2.zip »ZIP »sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv2.zip »ZIP »sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv3.zip »ZIP »sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv3.zip »ZIP »sbRecovery.ini - error - password-protected file
C:\Documents and Settings\Daved\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\Daved\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »Ad-Aware SE Default.skn - error - password-protected file
C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »arrow1.bmp - error - password-protected file
C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »arrow2.bmp - error - password-protected file
C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bck1.bmp - error - password-protected file
C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt11.bmp - error - password-protected file
C:\Documents 
and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt12.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt13.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt21.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt22.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt23.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt31.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt32.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt33.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt41.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt42.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt43.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt51.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE 
»Ad-Aware SE default.ask »ZIP »bt52.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt53.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt61.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt62.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox1.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox2.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox3.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox4.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »defbtn1.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »defbtn2.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »defbtn3.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph1.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph2.bmp - 
error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph3.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph4.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph5.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph6.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »main.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »preview.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »sprite1.bmp - error - password-protected file C:\Documents and Settings\Daved\Desktop\Installation Programs\Microsoft Visual Basic 6.0 Professional.zip »ZIP »IE4/ie4nt_s1.cab »CAB »IE4NT_1.CAB »CAB »MSHTML.DLL - next archive volume not found C:\Documents and Settings\Daved\Desktop\Installation Programs\Microsoft Visual Basic 6.0 Professional.zip »ZIP »IE4/ie4_s1.cab »CAB »IE4_1.CAB »CAB »JSCRIPT.DLL - next archive volume not found C:\Documents and Settings\Daved\Desktop\Installation Programs\Microsoft Visual Basic 6.0 Professional.zip »ZIP »IE4/msgms_1.cab »CAB »GM.DLS - next archive volume not found C:\Documents and Settings\Daved\Desktop\Installation Programs\Nero-7.2.3.2b_eng.exe »RAR »Cab\7AE97FEC.cab - 
archive damaged C:\Documents and Settings\Daved\Desktop\Installation Programs\Visual Basic\IE4\ie4nt_s1.cab »CAB »IE4NT_1.CAB »CAB »MSHTML.DLL - next archive volume not found C:\Documents and Settings\Daved\Desktop\Installation Programs\Visual Basic\IE4\ie4_s1.cab »CAB »IE4_1.CAB »CAB »JSCRIPT.DLL - next archive volume not found C:\Documents and Settings\Daved\Desktop\Installation Programs\Visual Basic\IE4\msgms_1.cab »CAB »GM.DLS - next archive volume not found C:\Documents and Settings\Daved\Desktop\VB STUFF\Visual Basic\IE4\ie4nt_s1.cab »CAB »IE4NT_1.CAB »CAB »MSHTML.DLL - next archive volume not found C:\Documents and Settings\Daved\Desktop\VB STUFF\Visual Basic\IE4\ie4_s1.cab »CAB »IE4_1.CAB »CAB »JSCRIPT.DLL - next archive volume not found C:\Documents and Settings\Daved\Desktop\VB STUFF\Visual Basic\IE4\msgms_1.cab »CAB »GM.DLS - next archive volume not found C:\Documents and Settings\Daved\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\Daved\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\Daved\Local Settings\Temp\tmp1.tmp - a variant of Win32/Medbot.BB trojan C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4] C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4] C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) 
[4] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »Ad-Aware SE Default.skn - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »arrow1.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »arrow2.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bck1.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt11.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt12.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt13.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt21.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt22.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt23.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt31.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt32.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt33.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt41.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE 
default.ask »ZIP »bt42.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt43.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt51.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt52.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt53.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt61.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt62.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox1.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox2.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox3.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox4.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »defbtn1.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »defbtn2.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »defbtn3.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph1.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph2.bmp - error - password-protected file C:\Program 
Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph3.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph4.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph5.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph6.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »main.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »preview.bmp - error - password-protected file C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »sprite1.bmp - error - password-protected file C:\RECYCLER\S-1-5-21-725345543-1935655697-2147196821-1004\Dc10.exe - Win32/Agent.AAY trojan - deleted C:\RECYCLER\S-1-5-21-725345543-1935655697-2147196821-1004\Dc11.exe - a variant of Win32/Medbot.BB trojan C:\RECYCLER\S-1-5-21-725345543-1935655697-2147196821-1004\Dc7.exe - Win32/Agent.AAY trojan - deleted C:\RECYCLER\S-1-5-21-725345543-1935655697-2147196821-1004\Dc8.exe - Win32/Agent.AAY trojan - deleted C:\RECYCLER\S-1-5-21-725345543-1935655697-2147196821-1004\Dc9.exe - Win32/Agent.AAY trojan - deleted C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4] C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP138\A0033894.exe - a variant of Win32/Medbot.BB trojan C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP145\A0035368.exe - a variant of Win32/Medbot.BB trojan C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP147\A0035531.exe - Win32/Agent.AAY 
trojan - deleted C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP147\A0035532.exe - a variant of Win32/Medbot.BB trojan C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP147\A0035533.exe - Win32/Agent.AAY trojan - deleted C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP147\A0035534.exe - Win32/Agent.AAY trojan - deleted C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP147\A0035535.exe - Win32/Agent.AAY trojan - deleted C:\WINDOWS\system32\config\default - error opening (File locked) [4] C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\SAM - error opening (File locked) [4] C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4] C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\software - error opening (File locked) [4] C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\system - error opening (File locked) [4] C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4] C:\WINDOWS\system32\drivers\atapi.sys - error opening (File locked) [4] C:\WINDOWS\system32\drivers\sptd.sys - error opening (File locked) [4] C:\WINDOWS\system32\drivers\sptd0749.sys - error opening (File locked) [4] F:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4] Number of scanned files: 419711 Number of threats found: 13 Number of files cleaned: 13 Time of completion: 19:27:06 Total scanning time: 3908 sec (01:05:08) Notes: [4] File cannot be opened. It may be in use by another application or operating system. 
My ActiveScan log:
Incident Status Location
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Daved\Cookies\daved@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Daved\Cookies\daved@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Daved\Cookies\daved@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Daved\Cookies\daved@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Daved\Cookies\daved@fastclick[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Daved\Cookies\daved@microsofteup.112.2o7[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Daved\Cookies\daved@tribalfusion[1].txt
Virus:Trj/Lootseek.KN Disinfected C:\RECYCLER\S-1-5-21-725345543-1935655697-2147196821-1004\Dc13.5
Virus:Trj/Lootseek.KN Disinfected C:\RECYCLER\S-1-5-21-725345543-1935655697-2147196821-1004\Dc6.5
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
I don't understand what you're asking. Avast was detecting the virus but couldn't get rid of it. By changing "scanners" do you mean the online scans or antivirus programs? NOD32 was used because Avast could only find it and not get rid of it. ActiveScan was used to see what wasn't removed by NOD32. Hope that answered your question. What scan site do you think is unsafe?
------------------------------------------------------------
Restart in safe mode. Delete these folders.
C:\RECYCLER
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
Run KillBox for these. None may be there, but just in case.
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
C:\Documents and Settings\Daved\Local Settings\Temp\tmp1.tmp
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP138\A0033894.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP145\A0035368.exe
C:\System Volume Information\_restore{E0C3C5E2-6CFE-47F4-806E-DC4117721D9E}\RP147\A0035532.exe
Restart in normal mode. Go here and download CCleaner. Install and run both the cleaner and the issues fix. When prompted to back up the registry, click Yes. Post a new HijackThis log.
I guess what I meant was that I don't understand why Avast detected a virus in the first place from this site http://acs.pandasoftware.com/activescan/as5free/motor.cab\pska. What you told me to do to fix this problem was to uninstall Avast and install NOD32 (changing scanners). This means that it would no longer detect the virus from the site? Or did you mean that Avast was detecting something that wasn't a threat, which I needed to perform the online scan? The latter makes sense to me. No big issue, just a bit confused.
----------------------------------
- I was not able to find the file C:\Recycler; typing in recycler in search gave me nothing.
- I found and deleted the Spybot recovery folder.
- Of the five files you gave me to delete with KillBox, I was only able to delete the first one: C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
- My new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:25:13 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Documents and Settings\Daved\Desktop\Winzip\WZQKPICK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Daved\Desktop\HijackThis_v1.99.1.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Daved\Desktop\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159231534468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Avast was showing the ActiveScan.cab file because Win32:CTX infected it. Show hidden files: Control Panel > Folder Options > View tab > check "Show hidden files and folders". Then look for C:\Recycler. If it's not there, don't worry. It, along with the others, was deleted by NOD32 and ActiveScan. Your log is clean now. Java is out of date. Go here and download Java 5.0 Update 8. Uninstall all previous versions of Java via Add/Remove Programs. Restart and install Update 8. Go here and download CCleaner. Install and run the cleaner and the issues fix. When prompted to back up the registry, click Yes. How are things now?
I did this the first time you asked me to. Do you want me to post the backup registry? It's saved on my desktop; I don't even know how to open it.
- I could not find C:/Recycler even after showing hidden files and folders.
- Question: ewido is an anti-spyware, correct? So it is safe to always be running this together with an anti-virus? None of that conflict like with 2 anti-virus programs together?
Everything else is good. I haven't detected any more trojans or anything since I changed to NOD32, but that might be because NOD32 deletes them automatically or something; I'm not familiar with the program yet. I still plan on changing back to Avast. Also, I updated Java, thank you for that.
Oops, sorry about asking you to download twice. I forgot we had done that already. Do not open the backup reg file unless needed. If you need to restore it, just open it and click OK, but you shouldn't have to use it, ever. There should be no conflicts with Ewido and an antivirus. You should always have 1 antivirus and 1 antispyware running. Glad to hear things are good. You're welcome.