Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected!!!!pls help me!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Infected!!!!pls help me!!

Unread postby viruscontrol » October 10th, 2006, 8:56 pm

Have just donloaded the AVG SPYWARE last night and scanned 350+ traces of trojans and malwares, without going into safe mode, and quarantining all the files(not delete)



Today, i hv scanned my computer with hijackthis


Pls tell me what i shld do.
i see werid processes running in my system from task manager.
viruscontrol
Active Member
 
Posts: 6
Joined: October 10th, 2006, 8:51 pm
Advertisement
Register to Remove

Unread postby viruscontrol » October 10th, 2006, 8:57 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:46:27 AM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\WgaTray.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\HPZSTC10.exe
D:\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
E:\++++++DAVID++++++\hijackthis\HijackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ±!’o2a?N - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/b ... yahoo.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.lead.com.sg
O15 - Trusted Zone: http://*.moreatonce.com
O15 - Trusted Zone: http://schdnavdo.schooldna.com
O15 - Trusted Zone: http://schdnaweb.schooldna.com
O15 - Trusted Zone: http://schdnaweb1.schooldna.com
O15 - Trusted Zone: http://schdnaweb2.schooldna.com
O15 - Trusted Zone: http://www.schooldna.com
O15 - Trusted Zone: http://*.schooldna.com
O16 - DPF: i.Game CardGame - http://210.59.226.160/client/CardGamec/ ... rdGame.cab
O16 - DPF: i.Game CChess - http://210.59.226.135/client/CChessc/co ... CChess.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/c ... cct0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot8_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/c ... gst1_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/c ... /ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potf_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/c ... ywt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall ?u?W±??r) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6900077500
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6900523140
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8C4A2492-3FED-41F2-BBAB-34E802844F8D} (IESettings Class) - http://schdnaweb.schooldna.com/schooldn ... ientIE.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.songtouch.com/activex/TPIMActiveX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://www.lead.com.sg/LEAD/Common/saxfile.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
viruscontrol
Active Member
 
Posts: 6
Joined: October 10th, 2006, 8:51 pm

Unread postby viruscontrol » October 10th, 2006, 8:58 pm

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:42:34 PM 10/10/2006

+ Scan result:



C:\WINNT\system32\cns.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\WINNT\system32\cns.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\WINNT\system32\drivers\CnsMinKP.sys -> Hijacker.CnsMin : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINNT\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1118.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1168.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld11EA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1205.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld123A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld16BF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld17.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld175B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1771.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1793.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld180C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1935.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1972.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1B37.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1C5E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1CA9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1D8E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1E15.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld1FDB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld20DE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2192.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld21DC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld22C4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld22EC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2456.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2470.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld24DB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld25CC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld25F7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2657.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld26B4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2720.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2721.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2793.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld27B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld282C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld286F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld29C6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2B0C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2B75.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2BB9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2BD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2CA4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2D58.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2DC6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2DCD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld2E39.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld30DC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld30FE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld31A4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld325.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3263.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld32A6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3395.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld33E4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld352E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3535.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3565.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3587.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3826.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld38B7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld38D8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld38E0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3A16.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3A6B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3A85.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3AF9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld3E2C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4051.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld418F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld41B4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld428A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4306.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld430D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4367.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld43D7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4434.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld44E8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4528.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld452B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4725.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4753.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld47D2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4814.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4966.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld49C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4BD1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4BDD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4C0D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4C39.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4C48.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4CC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4CD4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4CD6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4D3D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4D5E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld4F06.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5014.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld508C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld514C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld532.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld53AE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld546.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld55C7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld55F9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5637.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld56DE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld58AE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5959.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5976.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5A4B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5B0D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5C06.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5CA5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5CF0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5CFC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5D4A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5D58.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5D85.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5E8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld5EFE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6085.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6151.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6236.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6251.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6296.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld62C7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld632A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld64B4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld658.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld65F1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld66F8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6765.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld67C1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld68BE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld68D6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6A2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6AA6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6B9E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6BCD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6C0D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6C1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6C53.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6DA0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6E03.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6E1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6E39.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld6E91.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7190.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld71C1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld71D1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld71D7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld721.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld72CA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld72D3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld731.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld731D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7323.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7354.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7398.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld74AC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld74F4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld758.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld78E3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld798E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7A43.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7A88.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7B17.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7B9C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7D07.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7D0D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7D4E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7D6E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7EA5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld7F88.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld80DE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8221.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8339.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld837C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld83A7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld83BD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld83DA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8455.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld84E5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld850C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8732.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld87CB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8817.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8839.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8874.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld88EB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld89C5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld89D9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8AD7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8AE5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8B6F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8BFA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8C8C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8CAE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8D29.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8D92.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8EC7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld8FE5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld90A5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld910F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9135.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9181.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld936B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9608.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld961D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9698.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld96B2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9751.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9A77.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9C88.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9CC2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9E07.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9E19.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9EC7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld9F89.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA072.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA14C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA25D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA3DB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA466.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA4EC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA559.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA5EB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA769.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA7F7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA824.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA91E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldA949.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAA3A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAADA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAAF3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAB1B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAB62.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAB7E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldABCD.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAD7F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldADF4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAE39.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAE95.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldAFEB.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB056.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB07E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB0F8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB2DC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB358.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB505.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB5B0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB6B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB6B8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB77F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB801.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB812.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldB8C5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBA12.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBA96.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBADC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBB42.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBB4B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBBC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBBE0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBC4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBC78.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBC89.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBDAE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBE6C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldBF66.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC2D2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC417.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC43A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC449.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC566.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC586.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC601.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC65F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC669.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC7E0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC807.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC82.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC8C9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC913.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldC982.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldCAF6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldCB81.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldCBC3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldCBF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldCC62.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldCD3C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldCF58.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD057.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD147.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD1A1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD1C7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD2CF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD316.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD334.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD570.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD5C0.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD5C2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD6B9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD74B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD84E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD8A5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldD8D2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDA5D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDBF9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDCC8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDD83.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDDAF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDE1E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDE2D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDF49.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldDF4E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE100.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE1BF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE280.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE3C1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE479.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE47D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE5B5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE5D4.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE6CC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE70.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE7BC.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE906.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE973.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldE980.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldEA5B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldEAD3.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldEB08.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldEB11.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldECD8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldED1F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldED3B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldEF17.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldEFB6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF08A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF2E2.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF3D1.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF51A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF552.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF629.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF72.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF759.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF835.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF856.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF85E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF885.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF937.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldF9EF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldFA1A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldFA94.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldFA99.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldFB75.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldFE23.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ldFEED.tmp -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
viruscontrol
Active Member
 
Posts: 6
Joined: October 10th, 2006, 8:51 pm

Unread postby Nellie2 » October 14th, 2006, 6:09 pm

Hello there

I'm sorry for the delay in replying to your post. Could you tell me if you have a Nokia mobile phone and have installed the Nokia PC Suite?

Have you run a full system Virus scan? If not, check that your resident anti virus is fully updated and then set it to do a full system scan. Please let me know the results.

It looks like you have disabled some startup items using msconfig, please re-enable them BUT DO NOT REBOOT. Run hijackthis again and generate a new log and post it in your reply. You can disable those entries again whilst you are waiting for my reply.
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Unread postby viruscontrol » October 18th, 2006, 2:51 am

Nellie2 wrote:Hello there

I'm sorry for the delay in replying to your post. Could you tell me if you have a Nokia mobile phone and have installed the Nokia PC Suite?

Have you run a full system Virus scan? If not, check that your resident anti virus is fully updated and then set it to do a full system scan. Please let me know the results.

It looks like you have disabled some startup items using msconfig, please re-enable them BUT DO NOT REBOOT. Run hijackthis again and generate a new log and post it in your reply. You can disable those entries again whilst you are waiting for my reply.


Logfile of HijackThis v1.99.1
Scan saved at 2:50:11 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\++++++DAVID++++++\hijackthis\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ±!’o2a?N - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/b ... yahoo.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.lead.com.sg
O15 - Trusted Zone: http://*.moreatonce.com
O15 - Trusted Zone: http://schdnavdo.schooldna.com
O15 - Trusted Zone: http://schdnaweb.schooldna.com
O15 - Trusted Zone: http://schdnaweb1.schooldna.com
O15 - Trusted Zone: http://schdnaweb2.schooldna.com
O15 - Trusted Zone: http://www.schooldna.com
O15 - Trusted Zone: http://*.schooldna.com
O16 - DPF: i.Game CardGame - http://210.59.226.160/client/CardGamec/ ... rdGame.cab
O16 - DPF: i.Game CChess - http://210.59.226.135/client/CChessc/co ... CChess.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/c ... cct0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot8_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/c ... gst1_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/c ... /ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potf_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/c ... ywt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall ?u?W±??r) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6900077500
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6900523140
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8C4A2492-3FED-41F2-BBAB-34E802844F8D} (IESettings Class) - http://schdnaweb.schooldna.com/schooldn ... ientIE.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.songtouch.com/activex/TPIMActiveX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://www.lead.com.sg/LEAD/Common/saxfile.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
viruscontrol
Active Member
 
Posts: 6
Joined: October 10th, 2006, 8:51 pm

Unread postby viruscontrol » October 18th, 2006, 2:52 am

I have scanned with Norton antivirus but no entries

I have installed nokia suite b4 but deleted liao.
viruscontrol
Active Member
 
Posts: 6
Joined: October 10th, 2006, 8:51 pm

Unread postby viruscontrol » October 18th, 2006, 2:53 am

can i oso know why my computer is running slowly?
Thanks!!
viruscontrol
Active Member
 
Posts: 6
Joined: October 10th, 2006, 8:51 pm

Unread postby Nellie2 » October 18th, 2006, 6:09 pm

I still don't see that much wrong with your log..

Run hijackthis and click the scan button, when it has finished scanning then put a tick against the following, close all other browsers and windows and click 'fix checked'

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe <-- only if you have uninstalled the Nokia Suite

O16 - DPF: i.Game CardGame - http://210.59.226.160/client/CardGamec/ ... rdGame.cab
O16 - DPF: i.Game CChess - http://210.59.226.135/client/CChessc/co ... CChess.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/c ... cct0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot8_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/c ... gst1_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/c ... /ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potf_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/c ... ywt0_x.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.songtouch.com/activex/TPIMActiveX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://www.lead.com.sg/LEAD/Common/saxfile.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326

Download ATF Cleaner by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

NOTE The following will clear all of your cookies, forms and history from FireFox. Feel free to skip this step.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
NOTE: The following will clear all of your cookies, forms and history from Opera. Feel free to skip this step.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Reboot and then run a full system scan with AVG Anti Spyware (check for updates first) and post a new hijack log along with the Anti Spyware log please
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Unread postby agrarianmonk » November 19th, 2006, 5:27 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware