Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I dont know what the hell is happening???

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I dont know what the hell is happening???

Unread postby negm88 » July 27th, 2007, 3:54 pm

Hey all! Ok so I just got a new computer with Vista and I was on the internet and everything was fine...The next day when I restarted my computer, Windows Firewall told me theres a program trying to access the network and it had a weird name like hsfwk.exe in the system 32 folder. So i said keep blocking but when i went to the folder I couldnt find the file...And ever since then, every day, everytime i restart the computer Windows Firewall tells me an exe with a different name is trying to access the network all with jibberish names and unverified publishers...PLEASE if anyone can help me it would be awesome...Here's my HiJack This report...Thanks alot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:49 PM, on 7/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Users\Abdel Rahman Negm\Desktop\HiJackThis.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iFinger\iFinger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\hfwsaj.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.saramco.net:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: iFinger - {1624F640-49AC-11D3-8ABD-00C04FA95EE0} - C:\PROGRA~1\iFinger\IFINGE~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] lajgbr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\RunServices: [Microsoft Update Machine] lajgbr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\Abdel Rahman Negm\Desktop\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2281244247-817284931-1731002456-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: iFinger.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\Windows\system32\SHDOCVW.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11349 bytes
negm88
Active Member
 
Posts: 2
Joined: July 27th, 2007, 3:47 pm
Advertisement
Register to Remove

Unread postby silver » July 29th, 2007, 2:54 am

Hi negm88,

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response, I'll now continue with instructions for cleaning.


Please print/save a copy of these instructions because we will be using Safe Mode, during which time you won't have access to the internet.

You appear to have no antivirus software running. Without antivirus software your computer is very vulnerable and can easily be infected at any time so it it is essential you have one active at all times.

There are several free packages available, two of the most popular are here (both are Vista compatible):
AVG Antivirus: http://free.grisoft.com/doc/1
Antivir: http://www.free-av.com/

If you have no antivirus program then download and install one immediately, update the definitions and set it to update automatically. Then do a full system scan and quarantine/delete anything it finds, and make a note of where the logfile is stored so you can post a copy in your next response.

Move HijackThis from the desktop to it's own folder:
  • Open My Computer, navigate to C:\ and make a new folder named HJT
  • Move the HijackThis.exe program file from your desktop to C:\HJT
  • Right-click HijackThis.exe, choose the Compatibility tab and check the box next to Run this program as an administrator
  • If you wish to place a shortcut to HijackThis on your desktop, then right-click hijackthis.exe, select Send To and choose Desktop (create shortcut)


Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following lines (if present):
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Microsoft Update Machine] lajgbr.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] lajgbr.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\Abdel Rahman Negm\Desktop\HijackThis.exe /startupscan


Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Make hidden/system files and folders visible:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

Next, reboot your computer in Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8
A menu should appear, use the arrow keys to select Safe Mode and press enter

Use Windows Explorer to find and delete the following file:
C:\Windows\system32\hfwsaj.exe

Now click Start->Search and when the search window opens select Advanced Search
Next to Location select Everywhere
Place a checkmark in the box labelled Include non-indexed, hidden and system files
Then copy/paste this filename into the Name box (top right) and press Search
Code: Select all
lajgbr.exe

When the search is complete, delete all files called lajgbr.exe

Note: if you have trouble deleting either of these files please let me know in your next response.

Now reboot your computer normally.

Once complete, please post the antivirus scan log along with a new HijackThis log and let me know if you had any problems with the instructions.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Progress

Unread postby negm88 » July 29th, 2007, 10:30 am

Firstly, I want to say thank you so very much...You see, I thought Windows Defender and all that was supposed to take care of viruses and all that nonsense...but it turns out to be a piece of junk...hasnt been useful for anything...So i downloaded the AVG antivirus and found a crap load of trojans and it deleted them all...One thing though, when I did the whole Safe Mode part of your instructions, I couldnt find the files hfwsaj.exe or Lajgbr.exe...I did the whole search and even manually searched through folders...couldn't find them...Also, I could not find the last 3 entries you told me to fix in the HijackThis scan (all of the O4's),but i found the first 2. So here is an updated HijackThis Report and my antivirus log...Thanks again...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:04 PM, on 7/29/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.saramco.net:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2281244247-817284931-1731002456-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: iFinger.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\Windows\system32\SHDOCVW.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11810 bytes

<history>
<!-- 01c7d1fa7d842570 -->
<rec time="2007/07/29 16:06:58" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1080-1048;iavi:934-875;</attr>
</rec>
<rec time="2007/07/29 16:07:39" user="Abdel Rahman Negm" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/07/29 16:07:41" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\system32\shbrvt.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:27:36" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Users\Abdel Rahman Negm\Desktop\Negm\Ticket-Crack.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">VB.NJ</attr>
</rec>
<rec time="2007/07/29 16:27:36" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Users\Abdel Rahman Negm\Desktop\Negm\Ticket-Crack.rar</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">VB.NJ</attr>
</rec>
<rec time="2007/07/29 16:32:25" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\anuvmw.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:27" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\bcqlry.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:31" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\civpib.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:33" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\cyoynh.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:37" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\dghgwu.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:41" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\esfnco.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:42" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\evfdin.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:42" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\ewkxkl.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:42" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\fhvkoo.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:45" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\gvhdla.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:45" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\hfwsaj.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:46" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\hpppmx.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:46" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\hqqera.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:46" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\hznfob.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:49" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\iocfxr.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:50" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\isccew.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:51" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\itanpw.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:51" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\jjefdn.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:52" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\kjwxyx.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:53" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\lajgbr.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:53" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\ljycgl.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:54" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\llenpv.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:54" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\locgqk.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:57" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\mjyfaq.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:57" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\mkrlaq.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:32:57" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\mkueib.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:05" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\mtvvvj.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:35" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\ofuceb.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:36" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\oobtde.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:38" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\psggvc.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:39" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\pyifam.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:39" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\qsezmq.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:40" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\qyqvjf.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:42" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\rmbyli.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:42" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\scehyz.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:44" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\shbrvt.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:51" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\tqgahp.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:52" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\uijkxb.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:52" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\uqloje.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:52" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\urcfey.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:53" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\uuirqi.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:54" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\vfskut.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:54" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\vmwxlf.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:33:55" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\wbojeg.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:34:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\wxbkxi.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:34:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\xaakas.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:34:04" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\xxysfz.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:34:04" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\ymrmwh.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:34:04" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\ynkdji.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:34:04" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\zlosxw.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:34:05" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\System32\zxezkr.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:41:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Windows\System32\shbrvt.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:45:01" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Windows\system32\shbrvt.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">IRC/BackDoor.SdBot3.CLM</attr>
</rec>
<rec time="2007/07/29 16:45:01" user="Abdel Rahman Negm" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">55</attr>
</rec>
<rec time="2007/07/29 16:45:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\system32\shbrvt.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Users\Abdel Rahman Negm\Desktop\Negm\Ticket-Crack.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\anuvmw.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\bcqlry.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\civpib.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:03" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\cyoynh.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:04" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\dghgwu.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:04" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\esfnco.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:04" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\evfdin.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:05" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\ewkxkl.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:05" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\fhvkoo.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:05" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\gvhdla.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:05" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\hfwsaj.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:05" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\hpppmx.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:06" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\hqqera.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:06" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\hznfob.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:06" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\iocfxr.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:06" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\isccew.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:06" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\itanpw.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:07" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\jjefdn.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:07" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\kjwxyx.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:07" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\lajgbr.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:07" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\ljycgl.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:07" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\llenpv.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:07" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\locgqk.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:07" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\mjyfaq.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:08" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\mkrlaq.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:08" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\mkueib.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:08" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\mtvvvj.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:09" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\ofuceb.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:09" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\oobtde.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:09" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\psggvc.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:09" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\pyifam.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:09" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\qsezmq.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:09" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\qyqvjf.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:09" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\rmbyli.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:10" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\scehyz.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:10" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\shbrvt.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:10" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\tqgahp.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:10" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\uijkxb.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:10" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\uqloje.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:10" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\urcfey.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:10" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\uuirqi.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:11" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\vfskut.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:11" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\vmwxlf.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:11" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\wbojeg.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:11" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\wxbkxi.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:12" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\xaakas.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:12" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\xxysfz.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:12" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\ymrmwh.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:12" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\ynkdji.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:12" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\zlosxw.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:12" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\System32\zxezkr.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:45:12" user="Abdel Rahman Negm" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Windows\system32\shbrvt.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/07/29 16:50:18" user="Abdel Rahman Negm" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/07/29 16:50:19" user="Abdel Rahman Negm" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2007/07/29 16:50:42" user="Abdel Rahman Negm" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2007/07/29 16:51:03" user="Abdel Rahman Negm" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_13</attr>
<attr name="infectedfiles">0</attr>
</rec>
</history>

Also, one more thing, I cant get my Windoes Security Center to frieking work...Everytime i click the Turn On button next to it it says that it failed to start, and I have all the necessary conditions it needs to run...automatic updates are on, so is windows firewall and User Account control and all of that...Any help would be great...Thanks alot
negm88
Active Member
 
Posts: 2
Joined: July 27th, 2007, 3:47 pm

Unread postby silver » July 29th, 2007, 8:53 pm

Hi negm88,

I thought Windows Defender and all that was supposed to take care of viruses

Windows Defender does not take care of viruses - it is an antispyware program and installing an antivirus program is essential. As you can see from the scan results, an antivirus program may have protected you from the infections on this machine had it been installed earlier.

Regarding the files and HijackThis entries you couldn't find - don't worry about those, if they aren't present then there is no problem.

Regarding the Windows Security Center, we'll see if we can get that running in due course.

I'd like you to do another virus scan:

Download Dr.WEB CureIt to your desktop from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click cureit.exe to start the program.
  • Press Start and then OK to start the Express scan
  • The Express scan takes just a few moments to finish, if something is found, click Yes to cure it
  • Once the short scan has finished, Click Options->Change settings
  • Choose the Scan tab and remove the check mark from Heuristic analysis
  • Choose the Actions tab and next to Infected objects select Move, then press OK to close the settings box.
  • Select all hard drives to be scanned by clicking on them - choose all drives - a red dot confirms they will be scanned
  • Click the green arrow on the right to start the scan
  • Click Yes to all if it asks if you want to move a file
  • Click File-> Save report list and save the report to your desktop
  • Close Dr.Web Cureit and reboot your computer (this is important as files may be moved/deleted during reboot)

Then download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply


Once complete, please post the Dr Web log and both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby silver » August 3rd, 2007, 9:44 pm

Hi,

How are you getting on?

If the instructions are unclear or something isn't working, please let me know before proceeding.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby NonSuch » August 9th, 2007, 12:50 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 36 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware