Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus Mawar

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Virus Mawar

Unread postby wanhor » May 26th, 2008, 2:59 pm

Hi.i have install winpatrol to remove the virusmawar.
when i click > run then type regedit then ctrl F type autorun.inf and click > search, i stil found the c:\Autorun.inf
should i delete it in windows safe mode?
and my pc start very slow to start up after i effect with this virus. Help me.

d hijack log file is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:17 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [\\chua\EPSON Stylus C59 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\DOCUME~1\wanhor\LOCALS~1\Temp\E_S20.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus C59 Series on 3Q] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S15.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Auto EPSON Stylus C59 Series on chua] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S19.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD4} (CS Order Entry Control (RHS)) - http://download.excelforce.com.my/rhs/cab/csoex_rhs.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.excelforce.com.my/rhs/cab/cswx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCD1749A-32FF-40DC-80DE-9629C3418930}: NameServer = 202.188.0.133,192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 9236 bytes


million thanks.
wanhor
Active Member
 
Posts: 6
Joined: May 26th, 2008, 2:46 pm
Advertisement
Register to Remove

Re: Virus Mawar

Unread postby MikeSwim07 » June 1st, 2008, 12:22 pm

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please note: All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Virus Mawar

Unread postby wanhor » June 2nd, 2008, 2:15 am

Here d list. :)
thanks.

??à×5
Adobe Acrobat 7.0 Professional
Adobe Flash Player ActiveX
Adobe Illustrator CS2
Adobe Reader 8.1.1
Adobe SVG Viewer 3.0
Audio Record Wizard v3.98
Conexant HD Audio
CorelDRAW Graphics Suite X3
CyberPower Audio Editing Lab 12.8.7
Driver Detective
EN
File Downloader
FontNav
FXCM Trading Station II
Google Gmail Notifier
HDAUDIO Soft Data Fax Modem with SmartCP
HeidiSQL 3.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
HP Quick Launch Buttons 6.40 B2
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 5
Kaspersky Anti-Virus 6.0
Kaspersky Anti-Virus 6.0
K-Lite Codec Pack 2.83 Full
Media Player Classic DVDRip2¥·?ì×?t°2×°°ü
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft ASP.NET 2.0 AJAX Extensions 1.0
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Academic Edition - ENU
Microsoft Visual Studio 2005 Standard Edition - ENU
MOZAT M2U Server
Mozilla Firefox (2.0.0.14)
MSVC80_x86
MSXML 6.0 Parser
MySQL Connector/ODBC 3.51
MySQL Server 5.0
Nero Suite
PowerDirector
QuickTime
RealPlayer
ThreatFire 3.5
Update for Windows XP (KB898461)
Update Manager
VBA
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
WinPatrol 2008
WinRAR archiver
YouSendIt Express
wanhor
Active Member
 
Posts: 6
Joined: May 26th, 2008, 2:46 pm

Re: Virus Mawar

Unread postby MikeSwim07 » June 2nd, 2008, 7:03 am

Download and Run DSS
Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Virus Mawar

Unread postby wanhor » June 2nd, 2008, 12:03 pm

main.txt

Deckard's System Scanner v20071014.68
Run by wanhor on 2008-06-02 23:56:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-02 15:56:29 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as wanhor.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:50 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\wanhor\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\wanhor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus C59 Series on 3Q] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S15.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Auto EPSON Stylus C59 Series on chua] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S19.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD4} (CS Order Entry Control (RHS)) - http://download.excelforce.com.my/rhs/cab/csoex_rhs.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.excelforce.com.my/rhs/cab/cswx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCD1749A-32FF-40DC-80DE-9629C3418930}: NameServer = 202.188.0.133,192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 8731 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 pccsmcfd (PCCS Mode Change Filter Driver) - c:\windows\system32\drivers\pccsmcfd.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver>
S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem>
S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 upperdev - c:\windows\system32\drivers\usbser_lowerflt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-05-27 02:26:28 0 d-------- C:\Program Files\Trend Micro
2008-05-27 01:53:10 0 d-------- C:\Temp
2008-05-27 01:15:39 0 d-------- C:\Documents and Settings\wanhor\Application Data\WinPatrol
2008-05-27 01:15:17 0 d-------- C:\Program Files\BillP Studios
2008-05-27 01:02:13 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-27 01:02:13 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-27 01:02:13 4712992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-27 01:01:59 52512 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-27 01:01:59 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-24 00:05:18 0 d-------- C:\Documents and Settings\wanhor\FileDownloader
2008-05-24 00:05:10 0 d-------- C:\Program Files\FDN
2008-05-23 23:59:26 0 d-------- C:\Program Files\MegauploadToolbar
2008-05-23 23:59:26 0 d-------- C:\Documents and Settings\wanhor\Application Data\MegauploadToolbar
2008-05-23 08:13:44 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Start Menu
2008-05-23 04:59:32 0 d-------- C:\Documents and Settings\wanhor\Application Data\CyberPower Audio Editing Lab
2008-05-23 04:58:48 348160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-05-23 04:58:48 417792 --a------ C:\WINDOWS\system32\NCTTextToAudio2.dll <Not Verified; Online Media Technologies Ltd.; NCTTextToAudio2 ActiveX DLL>
2008-05-23 04:58:48 602112 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2008-05-23 04:58:48 880640 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2008-05-23 04:58:48 835584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll <Not Verified; NCT; NCTAudioCDGrabber2 ActiveX DLL>
2008-05-23 04:58:47 475136 --a------ C:\WINDOWS\system32\NCTAudioVisualizationEx2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioVisualizationEx2 ActiveX DLL>
2008-05-23 04:58:47 479232 --a------ C:\WINDOWS\system32\NCTAudioVisualization2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-05-23 04:58:47 458752 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-05-23 04:58:47 458752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-05-23 04:58:47 1212416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-05-23 04:58:47 1986560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-05-23 04:58:47 2084864 --a------ C:\WINDOWS\system32\NCTAudioDesign2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioDesign2 ActiveX DLL>
2008-05-23 04:58:47 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-23 04:58:45 0 d-------- C:\Program Files\CyberPower Audio Editing Lab
2008-05-23 01:36:44 0 d-------- C:\Program Files\ARWizard3
2008-05-22 22:02:46 0 d-------- C:\Program Files\ThreatFire
2008-05-22 22:01:10 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-22 22:01:07 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-22 22:01:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-05-22 01:15:34 0 d-------- C:\Program Files\MOZAT
2008-05-21 23:42:36 0 d-------- C:\Program Files\CandleWorks
2008-05-21 02:11:54 1356 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
2008-05-11 13:55:36 26 --a------ C:\WINDOWS\system32\xlhcc.dat
2008-05-11 13:54:46 0 d-------- C:\Program Files\Common Files\Thunder Network
2008-05-09 23:48:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-09 20:44:03 0 d-------- C:\Program Files\Real
2008-05-09 20:12:33 0 d-------- C:\My Downloads
2008-05-04 23:09:51 0 d-------- C:\TDDOWNLOAD
2008-05-02 01:34:03 0 d-------- C:\Documents and Settings\wanhor\ASPNET
2008-05-02 00:32:33 5872 --a------ C:\WINDOWS\system32\drivers\SE27whnt.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
2008-05-02 00:32:33 5872 --a------ C:\WINDOWS\system32\drivers\se27wh.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
2008-05-02 00:32:33 90800 --a------ C:\WINDOWS\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
2008-05-02 00:32:33 86560 --a------ C:\WINDOWS\system32\drivers\SE27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
2008-05-02 00:32:33 18704 --a------ C:\WINDOWS\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
2008-05-02 00:32:33 88688 --a------ C:\WINDOWS\system32\drivers\SE27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
2008-05-02 00:32:33 97184 --a------ C:\WINDOWS\system32\drivers\SE27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem>
2008-05-02 00:32:33 9360 --a------ C:\WINDOWS\system32\drivers\SE27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver>
2008-05-02 00:32:33 4128 --a------ C:\WINDOWS\system32\drivers\se27cr.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
2008-05-02 00:32:33 6240 --a------ C:\WINDOWS\system32\drivers\SE27cmnt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
2008-05-02 00:32:33 6240 --a------ C:\WINDOWS\system32\drivers\SE27cm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
2008-05-02 00:32:33 61600 --a------ C:\WINDOWS\system32\drivers\SE27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>


-- Find3M Report ---------------------------------------------------------------

2008-06-02 20:34:45 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-30 02:33:27 862 --a------ C:\WINDOWS\system32\cid_store.dat
2008-05-22 22:01:07 0 d-------- C:\Program Files\Common Files
2008-05-10 00:17:22 0 d-------- C:\Documents and Settings\wanhor\Application Data\Real
2008-05-09 23:48:47 0 d-------- C:\Program Files\Common Files\Real
2008-05-01 23:46:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 23:45:57 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-01 22:50:34 0 d-------- C:\Documents and Settings\wanhor\Application Data\PC Suite
2008-05-01 22:49:10 0 d-------- C:\Documents and Settings\wanhor\Application Data\Nokia
2008-05-01 22:47:32 0 d-------- C:\Program Files\DIFX
2008-05-01 22:14:11 0 d-------- C:\Program Files\HeidiSQL
2008-05-01 21:54:11 0 d-------- C:\Program Files\MySQL
2008-05-01 13:27:04 0 d-------- C:\Program Files\Google
2008-04-23 00:51:52 0 d-------- C:\Documents and Settings\wanhor\Application Data\CyberLink
2008-04-22 23:23:35 0 d-------- C:\Documents and Settings\wanhor\Application Data\Media Player Classic
2008-04-22 12:19:36 0 d-------- C:\Documents and Settings\wanhor\Application Data\Adobe
2008-04-22 12:16:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 02:16:50 0 d-------- C:\Documents and Settings\wanhor\Application Data\Sun
2008-04-22 02:16:22 0 d-------- C:\Program Files\Java
2008-04-22 02:13:53 0 d-------- C:\Program Files\Common Files\Java
2008-04-21 20:53:22 20 --a------ C:\WINDOWS\system32\pub_store.dat
2008-04-21 20:47:44 0 d-------- C:\Program Files\Thunder Network
2008-04-19 15:15:59 0 d-------- C:\Program Files\EPSON
2008-04-18 12:43:49 0 d-------- C:\Documents and Settings\wanhor\Application Data\YouSendIt
2008-04-18 12:43:33 0 d-------- C:\Program Files\YouSendIt
2008-04-18 06:17:31 0 d-------- C:\Documents and Settings\wanhor\Application Data\Kingsoft
2008-04-18 00:08:54 0 d-------- C:\Program Files\MSN Messenger
2008-04-17 15:01:02 169124 --a------ C:\Documents and Settings\wanhor\Application Data\debuggee.mdmp
2008-04-17 14:23:35 0 d-------- C:\Program Files\Microsoft ASP.NET
2008-04-17 14:00:21 0 d-------- C:\Documents and Settings\wanhor\Application Data\Corel
2008-04-17 06:11:31 62 --ahs---- C:\Documents and Settings\wanhor\Application Data\desktop.ini
2008-04-17 01:52:07 0 d-------- C:\Documents and Settings\wanhor\Application Data\AdobeUM
2008-04-17 01:44:23 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-17 01:42:10 0 d-------- C:\Program Files\Microsoft.NET
2008-04-17 01:39:36 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-04-17 01:39:29 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-04-17 01:30:22 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-17 01:27:47 0 d-------- C:\Program Files\MSBuild
2008-04-17 01:27:37 0 d-------- C:\Program Files\HTML Help Workshop
2008-04-17 01:27:05 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-04-17 01:19:43 0 d-------- C:\Program Files\CE Remote Tools
2008-04-17 00:37:25 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-17 00:37:13 0 d-------- C:\Documents and Settings\wanhor\Application Data\InstallShield
2008-04-17 00:32:50 0 d-------- C:\Program Files\CONEXANT
2008-04-17 00:14:55 0 d-------- C:\Program Files\Intel
2008-04-17 00:03:29 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-16 23:55:50 0 d-------- C:\Documents and Settings\wanhor\Application Data\Macromedia
2008-04-16 23:55:47 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-16 23:38:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-16 23:35:36 0 d-------- C:\Program Files\Corel
2008-04-16 23:35:36 0 d-------- C:\Program Files\Common Files\Corel
2008-04-16 23:22:32 0 d-------- C:\Program Files\CyberLink
2008-04-16 23:17:47 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-16 23:14:10 0 d-------- C:\Program Files\Common Files\Nero
2008-04-16 23:13:01 0 d-------- C:\Program Files\Ahead
2008-04-16 23:12:58 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-16 23:11:37 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-16 23:11:12 0 d-------- C:\Program Files\Media Player Classic
2008-04-16 23:03:17 0 d-------- C:\Program Files\QuickTime
2008-04-16 22:54:52 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-16 22:49:55 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-16 22:49:53 0 d-------- C:\Documents and Settings\wanhor\Application Data\Mozilla
2008-04-16 22:22:52 0 d-------- C:\Documents and Settings\wanhor\Application Data\Identities
2008-04-16 22:16:32 0 d-------- C:\Program Files\Movie Maker
2008-04-16 22:16:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-16 22:15:37 0 d-------- C:\Program Files\Messenger
2008-04-16 22:15:34 0 d-------- C:\Program Files\Windows NT
2008-04-16 21:49:10 0 d-------- C:\Program Files\Wopti
2008-04-16 21:48:45 0 d-------- C:\Program Files\360safe
2008-04-16 21:48:41 0 d-------- C:\Program Files\CrGreenBrowser
2008-04-16 21:44:50 0 d-------- C:\Program Files\msn gaming zone
2008-04-16 21:44:50 0 d-------- C:\Program Files\microsoft frontpage
2008-04-16 21:42:13 0 -rahs---- C:\MSDOS.SYS
2008-04-16 21:42:13 0 -rahs---- C:\IO.SYS
2008-04-16 21:42:13 0 --a------ C:\CONFIG.SYS
2008-04-16 21:42:13 0 --a------ C:\AUTOEXEC.BAT
2008-04-16 21:41:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-16 21:41:08 0 d-------- C:\Program Files\Online Services
2008-04-16 21:40:21 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-16 21:35:07 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-16 21:35:04 0 d-------- C:\Program Files\Common Files\SpeechEngines


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM]
"@"="" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [12/19/2007 11:08 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/19/2007 11:08 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [12/19/2007 11:07 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [12/06/2007 02:13 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Auto EPSON Stylus C59 Series on 3Q"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.exe" [02/23/2006 03:00 AM]
"Auto EPSON Stylus C59 Series on chua"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.exe" [02/23/2006 03:00 AM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/16/2005 05:48 AM]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [04/24/2008 04:52 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [01/29/2007 11:02 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/26/2008 01:31 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [4/17/2008 12:03:23 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95eaf497-0bc0-11dd-b106-001eec15376e}]
1\Command- G:\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\RECYCLER\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-06-02 23:59:35 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
CPU 1: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 1525.94 MiB / 1080.98 MiB
Pagefile Memory (total/avail): 2900.36 MiB / 2550.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.14 MiB

C: is Fixed (NTFS) - 29.29 GiB total, 14.63 GiB free.
D: is Fixed (NTFS) - 119.75 GiB total, 61.57 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HM160HI - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 119.75 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Multi-Card USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Kaspersky Anti-Virus v6.0.2.614 () Disabled
AV: ThreatFire v3.5.0.21 (PC Tools) Disabled
AV: Kaspersky Anti-Virus v6.0.2.614 () Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\setup\\PowerWord 2005\\XDICT.EXE"="D:\\setup\\PowerWord 2005\\XDICT.EXE:*:Disabled:Kingsoft PowerWord 2005"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"="C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\wanhor\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WANHOR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\wanhor
LOGONSERVER=\\WANHOR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\wanhor\LOCALS~1\Temp
TMP=C:\DOCUME~1\wanhor\LOCALS~1\Temp
USERDOMAIN=WANHOR
USERNAME=wanhor
USERPROFILE=C:\Documents and Settings\wanhor
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

wanhor (admin)
ASPNET


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Audio Record Wizard v3.98 --> "C:\Program Files\ARWizard3\unins000.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -I*.INF
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
CyberPower Audio Editing Lab 12.8.7 --> "C:\Program Files\CyberPower Audio Editing Lab\unins000.exe"
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
File Downloader --> MsiExec.exe /I{A5CD6670-1F48-45A3-B3E4-8238FECD1FA5}
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
FXCM Trading Station II --> C:\Program Files\CandleWorks\FXTS2\uninstall.exe FXCM Trading Station II
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_SprtHD5m\UIU32m.exe -U -ISprtHD5m.inf
HeidiSQL 3.2 --> "C:\Program Files\HeidiSQL\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Quick Launch Buttons 6.40 B2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0804 -removeonly uninst
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 2.83 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Media Player Classic DVDRip播放套件安装包 --> C:\Program Files\Media Player Classic\uninstall.exe
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 --> MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524}
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Academic Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Standard Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Standard Edition - ENU --> MsiExec.exe /X{D407F7C0-579E-4CCB-91FD-855CE5084E86}
MOZAT M2U Server --> "C:\Program Files\MOZAT\M2U Server\Uninstall.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{9649C3CF-AC27-4A09-9F7F-A28FADBFDA2D}
MySQL Server 5.0 --> MsiExec.exe /I{608FFCC7-7237-47BB-ABD5-8341754A3BBA}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ThreatFire 3.5 --> "C:\Program Files\ThreatFire\unins000.exe"
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WindowsApplication1 --> rundll32.exe dfshim.dll,ShArpMaintain WindowsApplication1.application, Culture=neutral, PublicKeyToken=a9945aa04c60e470, processorArchitecture=msil
WinPatrol 2008 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
YouSendIt Express --> C:\Program Files\InstallShield Installation Information\{1193600A-134F-40F9-9F71-FEF54C93C629}\setup.exe -runfromtemp -l0x0409
迅雷5 --> "C:\Program Files\Thunder Network\Thunder\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6831 / Success
Event Submitted/Written: 06/01/2008 09:52:06 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6529 / Error
Event Submitted/Written: 05/31/2008 06:20:46 PM
Event ID/Source: 473 / ESENT
Event Description:
Catalog Database (752) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb was partially detached. Error -1032 encountered updating database headers.

Event Record #/Type6528 / Error
Event Submitted/Written: 05/31/2008 06:20:41 PM
Event ID/Source: 439 / ESENT
Event Description:
Catalog Database (752) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error -1032.

Event Record #/Type6527 / Error
Event Submitted/Written: 05/31/2008 06:20:41 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (752) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type6150 / Error
Event Submitted/Written: 05/27/2008 03:18:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application CorelDRW.exe, version 13.0.0.576, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6813 / Warning
Event Submitted/Written: 06/02/2008 09:53:07 PM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type6744 / Warning
Event Submitted/Written: 06/02/2008 00:26:22 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver EPSON Stylus C59 Series for Windows NT x86 Version-3 was added or updated. Files:- E_FMAIBHP.DLL, E_FUICBHP.DLL, E_FVIFBHP.VIF, E_QI091E.CHM, E_FDSPBHP.DLL, E_FJBCBHP.DLL, E_FCONBHP.DLL, E_FPRMBHP.PRM, E_FOKABHP.DLL, E_FBSRBHP.EXE, E_FUIRBHP.DLL, E_FUI1BHP.DLL, E_FCF0BHP.CFG, E_FGRCBHP.DLL, E_FPRUBHP.DLL, E_FPREBHP.EXE, EPSET32.DLL, E_DP1BHE.DAT, E_FHM0BHP.DLL, E_FMW0BHP.DLL, E_FHT0BHP.DLL, E_FSR0BHP.DLL, E_FHBRBHP.DLL, E_FHUTBHP.DLL, E_FHUTBHP.EXE, E_FHSRBHP.DLL, E_FBAPBHP.DLL, E_FBBIBHP.DLL, E_FBIDBHP.LMD, E_FBLPBHP.DLL, E_FBIDBHP.DAT, EBPSHRE4.DLL, SAGENT4.EXE, EBPSAGT4.DAT, E_FBAGBHP.DLL, EPUPDATE.EXE, EPUPDATE.DAT, E_FARNBHP.EXE, E_FASKBHP.DLL, E_FAMTBHP.EXE, E_FAMDBHP.EXE, E_FAIRBHP.DLL, E_FAPRBHP.DLL, E_FATIBHP.EXE, E_FABRBHP.DLL, E_FASRBHP.DLL, E_FBINBHP.EXE, E_FAIFBHP.DAT, E_S00RP1.EXE, E_QIAL2E.CHM.

Event Record #/Type6722 / Error
Event Submitted/Written: 06/02/2008 00:07:43 PM / 06/02/2008 00:08:13 PM
Event ID/Source: 4307 / NetBT
Event Description:
Initialization failed because the transport refused to open initial Addresses.

Event Record #/Type6644 / Warning
Event Submitted/Written: 06/01/2008 01:14:40 PM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type6643 / Warning
Event Submitted/Written: 06/01/2008 01:14:36 PM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.



-- End of Deckard's System Scanner: finished at 2008-06-02 23:59:35 ------------
wanhor
Active Member
 
Posts: 6
Joined: May 26th, 2008, 2:46 pm

Re: Virus Mawar

Unread postby MikeSwim07 » June 3rd, 2008, 7:04 am

Hello,

Please reenable these antivirus/firewalls:

Kaspersky Anti-Virus v6.0.2.614
ThreatFire v3.5.0.21 (PC Tools)
Kaspersky Anti-Virus v6.0.2.614

Did you install MegaUploadToolbar and the Yousendit toolbar? If you didn't, please follow my instructions to delete them in red.

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL



  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Delete bad files and/or folders
Use Explorer to navigate to and delete the following files and/or folders (if they are present):

Folders:
C:\Program Files\MegauploadToolbar
C:\Documents and Settings\wanhor\Application Data\MegauploadToolbar
C:\Program Files\YouSendIt


Now just exit Explorer.

*****Make sure that you empty your recycle bin and restart your computer*****

Please post a new Hijackthis log, and Are you experiencing any problems?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Virus Mawar

Unread postby wanhor » June 3rd, 2008, 6:24 pm

ya.i have install megaupload and you send it before.i just uninstall the megaupload.
now the virus mawar not pop up but few days ago the kaspersky pop up a message ask me want to restore the virus mawar. i was shock...then i click cancel on it.is the virus stil inside my laptop?
and when i open my computer, my PF usage is up to 400 MB, is there any malicious program run behind?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:36 AM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus C59 Series on 3Q] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S15.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Auto EPSON Stylus C59 Series on chua] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S19.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD4} (CS Order Entry Control (RHS)) - http://download.excelforce.com.my/rhs/cab/csoex_rhs.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.excelforce.com.my/rhs/cab/cswx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCD1749A-32FF-40DC-80DE-9629C3418930}: NameServer = 202.188.0.133,192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 8783 bytes
wanhor
Active Member
 
Posts: 6
Joined: May 26th, 2008, 2:46 pm

Re: Virus Mawar

Unread postby MikeSwim07 » June 4th, 2008, 7:02 am

Online ActiveScan 2.0

  • Visit the ActiveScanwebsite.
  • Click on the green botton that says Scan Now
  • If asked to install the ActiveX(in IE) or addon(In Firefox) allow it to download.
  • Wait for the components to be downloaded,installed and updated
  • Once the updating is completed, the scan will automatically start
  • Note: This may take a while to complete, please be patient
  • When the scan has completed, click on the little paper pad next to the button that says Export to...
  • Don't change the name and save this to your desktop.
  • Please post this log on your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Virus Mawar

Unread postby wanhor » June 4th, 2008, 10:05 am

hi, i can see the virusmawar.js inside the log file.....so wat should i do now?

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-04 22:01:32
PROTECTIONS: 2
MALWARE: 25
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ThreatFire 3.5.0.21 Yes Yes
Kaspersky Anti-Virus 6.0.2.614 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@yadro[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.yadro.ru/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.bs.serving-sys.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[server.iad.liveperson.net/hc/23483223]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[server.iad.liveperson.net/hc/9285139]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[server.iad.liveperson.net/hc/23483223]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[server.iad.liveperson.net/hc/9285139]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[server.iad.liveperson.net/hc/61084510]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[server.iad.liveperson.net/hc/61084510]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[statse.webtrendslive.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.questionmarket.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Cookies\wanhor@adultfriendfinder[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.did-it.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP6\PdmHist\618.9C493C8601C8C63F.history\0000000c.bak[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\wanhor\Application Data\Mozilla\Firefox\Profiles\lfjukpf9.default\cookies.txt[.atwola.com/]
01942811 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\CrGreenBrowser\Resource\GreenBrowserUpdate.exe
02898268 JS/AutoRun.OF Virus/Worm No 0 Yes No C:\WINDOWS\system32\VirusMawar.js
02934040 Generic Trojan Virus/Trojan No 0 Yes No D:\setup\antivirus and antispyware\Kaspersky Anti Virus 6.0.2.614 With 3 Year Key\(20年使用)破解\KAV7.0-KIS7.0(20年使用)破解\Kaspersky-Killer.exe
02934040 Generic Trojan Virus/Trojan No 0 No No D:\setup\antivirus and antispyware\Kaspersky Anti Virus 6.0.2.614 With 3 Year Key\Kaspersky.Activation.rar[ú¿20─Ω╩╣╙├ú⌐╞╞╜Γ\KAV7.0-KIS7.0ú¿20─Ω╩╣╙├ú⌐╞╞╜Γ\Kaspersky-Killer.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 
184379 MEDIUM MS08-001 
182048 HIGH MS07-069 
182046 HIGH MS07-067 
182043 HIGH MS07-064 
179553 HIGH MS07-061 
176382 HIGH MS07-057 
176383 HIGH MS07-058 
170911 HIGH MS07-050 
170907 HIGH MS07-046 
170906 HIGH MS07-045 
170904 HIGH MS07-043 
164915 HIGH MS07-035 
164913 HIGH MS07-033 
164911 HIGH MS07-031 
160623 HIGH MS07-027 
157262 HIGH MS07-022 
157261 HIGH MS07-021 
157260 HIGH MS07-020 
157259 HIGH MS07-019 
156477 HIGH MS07-017 
150253 HIGH MS07-016 
150249 HIGH MS07-013 
150248 HIGH MS07-012 
150247 HIGH MS07-011 
150243 HIGH MS07-008 
150242 HIGH MS07-007 
150241 MEDIUM MS07-006 
145501 HIGH MS07-004 
141034 HIGH MS06-076 
141033 MEDIUM MS06-075 
137571 HIGH MS06-070 
133387 MEDIUM MS06-065 
133386 MEDIUM MS06-064 
133385 MEDIUM MS06-063 
133379 HIGH MS06-057 
129977 MEDIUM MS06-053 
129976 MEDIUM MS06-052 
126093 HIGH MS06-051 
126092 MEDIUM MS06-050 
126087 HIGH MS06-046 
126086 MEDIUM MS06-045 
126082 HIGH MS06-041 
126081 HIGH MS06-040 
123421 HIGH MS06-036 
123420 HIGH MS06-035 
120825 MEDIUM MS06-032 
120823 MEDIUM MS06-030 
120818 HIGH MS06-025 
120815 HIGH MS06-022 
117384 MEDIUM MS06-018 
114666 HIGH MS06-015 
108744 MEDIUM MS06-008 
108743 MEDIUM MS06-007 
108742 MEDIUM MS06-006 
104567 HIGH MS06-002 
104237 HIGH MS06-001 
96574 HIGH MS05-053 
93395 HIGH MS05-051 
93394 HIGH MS05-050 
93454 MEDIUM MS05-049 
;===================================================================================================================================================================================
wanhor
Active Member
 
Posts: 6
Joined: May 26th, 2008, 2:46 pm

Re: Virus Mawar

Unread postby MikeSwim07 » June 4th, 2008, 3:32 pm

You seem to be running an illegal copy of Kaspersky Anti-Virus. Please uninstall this by:

Uninstall programs

now I need you to uninstall some programs

click on start
then to settings
then to control panel
in control panel find add/remove programs and double click it
now search for and remove the programs below


Kaspersky Anti Virus


Download and Install an Anti-virus Software

Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here are some Anti Virus products which are free for personal use and most used:
AVG Free AntiVirus
Avast<- I recommend this one.
BitDefender

Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Please located and delete the following files and folders:

C:\Program Files\CrGreenBrowser\Resource\GreenBrowserUpdate.exe
C:\WINDOWS\system32\VirusMawar.js
D:\setup\antivirus and antispyware\

Please post a new Hijackthis Log. How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Virus Mawar

Unread postby MikeSwim07 » June 7th, 2008, 7:32 am

Hello wanhor

Three day bump


It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Virus Mawar

Unread postby Shaba » June 9th, 2008, 7:21 am

Due to lack of response this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware