Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

help please :( msn error 80072efd

Post by yexie » January 31st, 2007, 12:45 pm

*sigh* i tried everything i could possibly find about this error, nothing helped. so now i am here, hope you guys can help. i am doing virusscan right now at home, while i am at work right now, i will leave my hijackthis log here in the meantime.

oh yea, besides not being able to log onto msn i am also not able to log onto any msn websites.

i use FireFox, IE i will only open if i have to. i know this is a spyware or virus problem because silly me installed something that said in big yellow letters "absolutely no spyware"... >.<
i have run SpyBot and AdAware already. i had some pop ups also, but i think SpyBot and AdAware got rid of those, the msn problem still existed though.

thanks in advance!!


Logfile of HijackThis v1.99.1
Scan saved at 13:47:47, on 31.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Dokumente und Einstellungen\ella\Eigene Dateien\ventrilo_2_1_2_server_windows\ventrilo_srv.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Dokumente und Einstellungen\ella\Desktop\aliases\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: ventrilo_srv.lnk = C:\Dokumente und Einstellungen\ella\Eigene Dateien\ventrilo_2_1_2_server_windows\ventrilo_srv.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
yexie
Active Member
 
Posts: 7
Joined: January 31st, 2007, 12:41 pm

Post by Linkmaster » February 3rd, 2007, 12:47 pm

Hi yexie, Welcome to MalWare Removal !!
Sorry for the delay in reviewing your post

You may wish to print out a copy of these instructions to follow while you complete this procedure

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
This is a two step process :

First :
Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
Choose Exit Spybot S&D Resident

Second :
Open Spybot S&D
Click Mode, check Advanced Mode
In the Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
UNcheck the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.

If you don't do it this way, the registry settings remain when you exit.
In addition TeaTimer may put itself back


I need you to download some programs to aid in our fix: Do Not Run Them Yet

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.

Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will be prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware

Reboot to Normal Mode

Run Kaspersky WebScanner
Click on Kaspersky Online Scanner
NOTE For Internet Explorer 7 Users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot

Post a fresh HijackThis Log, the AVG Anti-Spyware Log, and the Kaspersky Virus Scan Log here
(You may need to use several replies as the logs may be cut off)

Thank You !!
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by yexie » February 4th, 2007, 6:20 pm

thank you! i will do this as soon as i have the time. thanks!! i will then post my hijackthis thingie again :)
yexie
Active Member
 
Posts: 7
Joined: January 31st, 2007, 12:41 pm

Post by Linkmaster » February 5th, 2007, 11:48 am

OK sounds good !
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by yexie » February 6th, 2007, 2:00 pm

ok here goes :)

btw, my msn works again, i got it to work after running my avg antivirus, but i still dont think im clean and seeing the results of the tests i did today i think im right with what im thinking, but you guys have to tell me what to do now :oops:

ok here hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18:57:20, on 06.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\ella\Eigene Dateien\ventrilo_2_1_2_server_windows\ventrilo_srv.exe
C:\Dokumente und Einstellungen\ella\Desktop\aliases\HijackThis.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupda ... aspx?ln=de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ella
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: ventrilo_srv.lnk = C:\Dokumente und Einstellungen\ella\Eigene Dateien\ventrilo_2_1_2_server_windows\ventrilo_srv.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {AA33C66F-71DB-43E9-B559-3CBE4398E9A9} -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



i will post the next one in a new post, since kaspersky thingie is wicked long.
yexie
Active Member
 
Posts: 7
Joined: January 31st, 2007, 12:41 pm
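
An added example, not part of the original thread and not a tool used by the helpers here: a small Python script that compares two HijackThis logs like the ones posted above and lists which entries were added, removed or changed between scans, plus the entries whose target file is absent ("(no file)" / "(file missing)"). The function names and the choice to match entries by section code and CLSID are assumptions of this example; the sample lines are excerpted from the two logs in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text orphaned")

# Item lines look like "O2 - BHO: ...": a section code, " - ", then the detail.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpts from the two logs posted in this thread (31.01.2007 and 06.02.2007).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:47:47, on 31.01.2007

Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:57:20, on 06.02.2007

Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_items(log_text):
    """Return the item lines of a log; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if not match:
            continue  # header, running-process path, or blank line
        code, text = match.groups()
        orphaned = any(text.endswith(marker) for marker in ORPHAN_MARKERS)
        entries.append(Entry(code, text, orphaned))
    return entries


def entry_key(entry):
    """Identity of an entry across scans.

    Entries that carry a CLSID are matched on (code, kind, CLSID) so that a
    renamed or re-pathed registration shows up as "changed" instead of as one
    removal plus one addition. The kind (text before the first colon) keeps an
    O9 button and its 'Tools' menu item apart, since both share one CLSID.
    """
    clsid = CLSID_RE.search(entry.text)
    if clsid:
        kind = entry.text.split(":", 1)[0]
        return (entry.code, kind, clsid.group(0).upper())
    return (entry.code, entry.text)


def compare(before_text, after_text):
    """Return (added, removed, changed) between two logs."""
    before = {entry_key(e): e for e in parse_items(before_text)}
    after = {entry_key(e): e for e in parse_items(after_text)}
    added = [after[k] for k in after if k not in before]
    removed = [before[k] for k in before if k not in after]
    changed = [(before[k], after[k]) for k in before
               if k in after and before[k].text != after[k].text]
    return added, removed, changed


def orphaned(log_text):
    """Entries whose referenced file HijackThis reported as absent."""
    return [e for e in parse_items(log_text) if e.orphaned]


if __name__ == "__main__":
    added, removed, changed = compare(LOG_BEFORE, LOG_AFTER)
    for label, rows in (("ADDED", added), ("REMOVED", removed)):
        for e in rows:
            print(f"{label:8} {e.code} - {e.text}")
    for old, new in changed:
        print(f"CHANGED  {old.code} - {old.text}\n      -> {new.text}")
    for e in orphaned(LOG_AFTER):
        print(f"ORPHANED {e.code} - {e.text}")
```
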

Post by yexie » February 6th, 2007, 2:00 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 06, 2007 6:48:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/02/2007
Kaspersky Anti-Virus database records: 265559
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 200334
Number of viruses found: 6
Number of infected objects: 55 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:52:32

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7917.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG7\Log\emc.log Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\ella\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007020620070207\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx/[From "Volksbanken Raiffeisenbanken AG 2006" <infonum-304234ib@vr-networld.de>][Date Thu, 16 Nov 2006 04:17:57 +0100 (MET)]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx/[From "Volksbanken Raiffeisenbanken AG 2006" <infonum-304234ib@vr-networld.de>][Date Thu, 16 Nov 2006 04:17:57 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx/[From "Volksbanken Raiffeisenbanken" <customercare-932412829ib@volksbank.de>][Date Thu, 16 Nov 2006 11:40:27 +0100 (MET)]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx/[From "Volksbanken Raiffeisenbanken" <customercare-932412829ib@volksbank.de>][Date Thu, 16 Nov 2006 11:40:27 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx/[From "Volksbanken Raiffeisenbanken" <customercare_27706773ib@volksbank.de>][Date Thu, 16 Nov 2006 19:19:40 +0100 (MET)]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx/[From "Volksbanken Raiffeisenbanken" <customercare_27706773ib@volksbank.de>][Date Thu, 16 Nov 2006 19:19:40 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx Mail MS Outlook 5: infected - 6 skipped
C:\Dokumente und Einstellungen\ella\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Apple" <AppleStore1733_06jan@euromailer.lists.apple.com>][Date Wed, 18 Jan 2006 23:24:48 GMT]/UNNAMED/[Fro ... /[From chic geof <8ivan@norika-fujiwara.com>][Date Mon, 30 Jan 2006 06:01:03 +000 ... /text Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Apple" <AppleStore1733_06jan@euromailer.lists.apple.com>][Date Wed, 18 Jan 2006 23:24:48 GMT]/UNNAMED/[Fro ... /[From chic geof <8ivan@norika-fujiwara.com>][Date Mon, 30 Jan 2006 06:01:03 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Apple" <AppleStore1733_06jan@euromailer.lists.apple.com>][Date Wed, 18 Jan 2006 23:24:48 GMT]/UNNAMED/[From . ... /[From "Plaxo Validation" <confirm@plaxo.com>][Date 29 Jan 2006 08:20:18 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Apple" <AppleStore1733_06jan@euromailer.lists.apple.com>][Date Wed, 18 Jan 2006 23:24:48 GMT]/UNNAMED/[From ... /[From "Kalilinoe" <comfort@ejobs.every1.net>][Date Sat, 28 Jan 2006 05:30:38 +1200]/text Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Apple" <AppleStore1733_06jan@euromailer.lists.apple.com>][Date Wed, 18 Jan 2006 23:24:48 GMT]/UNNAMED/[From "Alexander" <geoffrey@perlite.biz>][Date Sun, 29 Jan 2006 12:36:57 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Apple" <AppleStore1733_06jan@euromailer.lists.apple.com>][Date Wed, 18 Jan 2006 23:24:48 GMT]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "VOLKSBANKEN RAIFFEISENBANKEN ONLINE BANKING" <infonum-54338@volksbank.de>][Date Tue, 28 Feb 2006 21:53:35 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "VOLKSBANKEN RAIFFEISENBANKEN AG" <customerssupport_5974404@volksbank.de>][Date Wed, 1 Mar 2006 09:40:55 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Reunion.com" <weekly@relay05.reunion.com>][Date Wed, ... /[From "VOLKSBANKEN RAIFFEISENBANKEN AG 2006" <custservice_ref_251173373923690@volksbank.de>][Date Thu, 2 Mar 2006 13:29:08 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Reunion.com" <weekly@relay05.reunion.com>][Date Wed, 1 Mar 2006 20:43:24 -0800 (PST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Volksbanken Raiffeisenbanken AG Internet Banking" <onlinesupport_id_06827574847@vr-networld.de>][Date Fri, 17 Mar 2006 04:30:27 +0100 (MET)]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Volksbanken Raiffeisenbanken AG Internet Banking" <onlinesupport_id_06827574847@vr-networld.de>][Date Fri, 17 Mar 2006 04:30:27 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "eBay" <eBay@reply3.ebay.com>][Date Fri, 17 Mar 2006 13:54:00 -0800]/UNNAMED/[From "POSTBANK AG" <custsupport_0060715883673@postbank.de>][Date Sat, 18 Mar 2006 11:01:38 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "eBay" <eBay@reply3.ebay.com>][Date Fri, 17 Mar 2006 13:54:00 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Volksbanken Raiffeisenbanken Internet Banking" <custservice-ref-757832379203006@vr-networld.de>][Date Sat, 18 Mar 2006 20:15:26 +0100 (MET)]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Volksbanken Raiffeisenbanken Internet Banking" <custservice-ref-757832379203006@vr-networld.de>][Date Sat, 18 Mar 2006 20:15:26 +0100 (MET)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "VOLKSBANKEN RAIFFEISENBANKEN AG 2006" <supprefnum9740532844267@vr-networld.de>][Date Sun, 26 Mar 2006 05:10:29 +0200 (MEST)]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "VOLKSBANKEN RAIFFEISENBANKEN AG 2006" <supprefnum9740532844267@vr-networld.de>][Date Sun, 26 Mar 2006 05:10:29 +0200 (MEST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Volksbanken Raiffeisenbanken" <onlinesupport_id_13463080883926@vr-networld.de>][Date Mon, 3 Apr 2006 00:11:14 +0200 (MEST)]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Volksbanken Raiffeisenbanken" <onlinesupport_id_13463080883926@vr-networld.de>][Date Mon, 3 Apr 2006 00:11:14 +0200 (MEST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Jerome Pena" <grygcmpbxv@hotmail.com>][Date Sat, 8 Apr 2006 ... /[From "VOLKSBANKEN RAIFFEISENBANKEN AG 2006" <support-ref05158233896@vr-networld.de>][Date Sun, 9 Apr 2006 10:01:41 +0200 (M ... /UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Jerome Pena" <grygcmpbxv@hotmail.com>][Date Sat, 8 Apr 2006 ... /[From "VOLKSBANKEN RAIFFEISENBANKEN AG 2006" <support-ref05158233896@vr-networld.de>][Date Sun, 9 Apr 2006 10:01:41 +0200 (MEST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "Jerome Pena" <grygcmpbxv@hotmail.com>][Date Sat, 8 Apr 2006 20:25:36 +0200 (MEST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "WetterOnline Service"<listserv_city@listserv.wetteronline.de>][Date ... /[From "VOLKSBANKEN RAIFFEISENBANKEN" <customercare-7050464@vr-networld.de>][Date Sun, 23 Apr 2006 00:31:04 +0200 (MEST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "WetterOnline Service"<listserv_city@listserv.wetteronline.de>][Date Mon, 10 Apr 2006 ... /[From Yso-8859-1?Q?OnVista_-_Aktien?Êktien@backclick.onvista.de>][Date Sat, 22 Apr 2006 10:38:33 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text/[From "WetterOnline Service"<listserv_city@listserv.wetteronline.de>][Date Mon, 10 Apr 2006 19:11:37 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED/[From Carina Gehlauf <secgen@elsa-bremen.de>][Date Wed, 22 Jun 2005 16:17:16 +0200]/text Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED/[From "MSN Groups" <notifications@groups.msn.com>][Date Sat, 9 Oct 2004 06:29:00 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox/[From Nanji Henry Nota <nanji_hn@yahoo.co.uk>][Date Fri, 22 Oct 2004 12:44:02 +0100 (BST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infected - 29 skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Gary Wilson" <MichaeleEjNelson@revoltcenter.com>][Date Fri, 1 Sep 2006 12:47:16 +0200 (MEST)]/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Volksbanken Raiffeisenbanken" <custservice-ref-1986426799507vr@volksbank.de>][Date Sun, 3 Sep 2006 20:01:54 +0200 (MEST)]/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG 2006" <operator_8452336vr@vr-networld.de>][Date Tue, 5 Sep 2006 07:30:45 +0200 (MEST)]/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG" <customercare-256899446576vr@vr-networld.de>][Date Tue, 5 Sep 2006 15:07:59 +0200 (MEST)]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG" <customercare-256899446576vr@vr-networld.de>][Date Tue, 5 Sep 2006 15:07:59 +0200 (MEST)]/UNNAMED/[From "Quorums T. Upwards" <ddribin@gibcjupiter.org>][Date Tue, 05 Sep 2006 08:24:03 -0400]/text/[From "Annabelle Conklin" <AnnabelleConklin@034efi.com>][Date Tue, 5 Sep 2006 19:51:39 +0480]/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG" <customercare-256899446576vr@vr-networld.de>][Date Tue, 5 Sep 2006 15:07:59 +0200 (MEST)]/UNNAMED/[From "Quorums T. Upwards" <ddribin@gibcjupiter.org>][Date Tue, 05 Sep 2006 08:24:03 -0400]/text/[From "Xfire Inside ... /[From "Volksbanken Raiffeisenbanken 2006" <reference_id_557755vr@volksbank.de>][Date Sat, 09 Sep 2006 09:52:30 -060 ... /html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG" <customercare-256899446576vr@vr-networld.de>][Date Tue, 5 Sep 2006 15:07:59 +0200 (MEST)]/UNNAMED/[From "Quorums T. Upwards" <ddribin@gibcjupiter.org>][Date Tue, 05 Sep 2006 08:24:03 -0400]/text/[From "Xfire Inside ... /[From "Volksbanken Raiffeisenbanken 2006" <reference_id_557755vr@volksbank.de>][Date Sat, 09 Sep 2006 09:52:30 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG" <customercare-256899446576vr@vr-networld.de>][Date Tue, 5 Sep 2006 15:07:59 +0200 (MEST)]/UNNAMED/[From "Quorums T. Upwards" <ddribin@gibcjupiter.org>][Date Tue, 05 Sep 2006 08:24:03 -0400]/text/[From "Xfire Insider" <insider@xfire.com>][Date Tue, 5 Sep 2006 10:44:24 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG" <customercare-256899446576vr@vr-networld.de>][Date Tue, 5 Sep 2006 15:07:59 +0200 (MEST)]/UNNAMED/[From "Quorums T. Upwards" <ddribin@gibcjupiter.org>][Date Tue, 05 Sep 2006 08:24:03 -0400]/text Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text/[From "Volksbanken Raiffeisenbanken AG" <customercare-256899446576vr@vr-networld.de>][Date Tue, 5 Sep 2006 15:07:59 +0200 (MEST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk/[From "Galloway Q. Wisconsin" <xjharding@grendel.partyline.net>][Date Mon, 04 Sep 2006 01:13:26 -0400]/text Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk Mail Berkeley mbox: infected - 11 skipped
C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Dokumente und Einstellungen\ella\ntuser.dat Object is locked skipped
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-02-06.16-33-42.log Object is locked skipped
C:\System Volume Information\_restore{250B27CE-5FD8-4052-9062-8FB0DED8A590}\RP646\A0137257.exe Infected: Trojan.Win32.Inject.au skipped
C:\System Volume Information\_restore{250B27CE-5FD8-4052-9062-8FB0DED8A590}\RP646\change.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\krams\stuff\mirc trivia\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\krams\stuff\mirc trivia\mirc616.exe mIRC: infected - 1 skipped
D:\krams\stuff\mirc trivia\iTrivia.release.1.1.beta.zip/iTrivia.release.1.1.beta/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
D:\krams\stuff\mirc trivia\iTrivia.release.1.1.beta.zip ZIP: infected - 1 skipped

Scan process completed.
yexie
Active Member
 
Posts: 7
Joined: January 31st, 2007, 12:41 pm

Unread postby yexie » February 6th, 2007, 2:02 pm

and last but not least avg anti spyware


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:19:00 06.02.2007

+ Scan result:



C:\Dokumente und Einstellungen\ella\Desktop\COPartner\Copanther_ServerEmulated\S3DHook.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\Programme\MSNContentPlus\MSN Content Installer\patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Dokumente und Einstellungen\ella\Desktop\aufräumen\patch.exe -> Trojan.Delf.li : Cleaned with backup (quarantined).
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Option Loud Copy That\error info.exe -> Trojan.Inject.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{250B27CE-5FD8-4052-9062-8FB0DED8A590}\RP642\A0135667.exe -> Trojan.Inject.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{250B27CE-5FD8-4052-9062-8FB0DED8A590}\RP642\A0135668.exe -> Trojan.Inject.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{250B27CE-5FD8-4052-9062-8FB0DED8A590}\RP643\A0136022.exe -> Trojan.Inject.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{250B27CE-5FD8-4052-9062-8FB0DED8A590}\RP643\A0136023.exe -> Trojan.Inject.au : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{250B27CE-5FD8-4052-9062-8FB0DED8A590}\RP643\A0136152.exe -> Trojan.Inject.au : Cleaned with backup (quarantined).


::Report end



kaspersky said it found 3 viruses and even more infected files :( but i'm sure you can tell by the log... i hope so at least :)

well... enjoy inspecting the inside of my computer (probably as chaotic as the inside of my head)

Unread postby yexie » February 6th, 2007, 2:03 pm

eh... no edit button or i didn't find it, have to correct myself, kaspersky found 6!! viruses :(

Unread postby Linkmaster » February 6th, 2007, 3:36 pm

Bear with me here:

Empty the contents of the following folders in BOLD:

C:\Dokumente und Einstellungen\ella\Lokale Einstellungen\Anwendungsdaten\Identities\{5CFA5382-4B3A-47DB-9CD9-74402828227A}\Microsoft\Outlook Express\Posteingang.dbx (is that the deleted items folder??)

C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Inbox (looks like ALL mail from Nanji Henry Nota)

C:\Dokumente und Einstellungen\ella\Anwendungsdaten\Thunderbird\Profiles\5c1yf0eu.default\Mail\Local Folders\Junk

D:\krams\stuff\mirc trivia

Empty the Deleted Items folders again for Outlook Express and Thunderbird

Run Kaspersky WebScanner again

Post a fresh HijackThis log and the Kaspersky WebScanner log here
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby yexie » February 6th, 2007, 4:04 pm

posteingang.dbx is the inbox folder... but i don't use outlook anymore so all in there is really really old so i think i can just delete it.

Unread postby Linkmaster » February 6th, 2007, 5:43 pm

OK good idea!

Unread postby 'KotaGuy » February 19th, 2007, 11:40 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada