Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

virus help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

virus help please

Unread postby why me again » June 20th, 2008, 12:16 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:30 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Ariel\Desktop\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 209789 helper - {5C78E2DB-5AFC-4A3B-9B9F-6AF136562E6F} - C:\WINDOWS\system32\209789\209789.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\rqRJCRJb.dll (file missing)
O2 - BHO: (no name) - {AA5B23BE-0608-4800-8BAF-B43BAE38225F} - C:\WINDOWS\system32\xxyyYSIb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284661A64DB7C8F0287E55E246220D9E728F80D6664366DB7D5170E744AB97
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Ariel\Local Settings\Temporary Internet Files\Content.IE5\MHC1EFMB\install_sbd_en[1].exe
O4 - HKLM\..\Run: [7d97e063] rundll32.exe "C:\WINDOWS\system32\jtwmcdno.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Ariel\Desktop\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {B4A78D29-52B1-4A7B-BAC0-1471BEDF9836} - http://xscanner.shredderscan.com/setup/webinst.cab
O20 - Winlogon Notify: rqRJCRJb - rqRJCRJb.dll (file missing)
O21 - SSODL: KernelRom - {ef1cf153-4fbe-4c1f-836b-1b0a9b79f822} - C:\WINDOWS\Resources\KernelRom.dll
O21 - SSODL: WinUnknown - {27f44e72-fd65-474a-bdde-8e7aa7d02858} - C:\WINDOWS\Resources\WinUnknown.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Access Connection Manager RasManW32Time (RasManW32Time) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8719 bytes


thanks

geoffrey
why me again
Active Member
 
Posts: 3
Joined: June 20th, 2008, 12:13 pm
Advertisement
Register to Remove

Re: virus help please

Unread postby chryssi2001 » June 24th, 2008, 2:30 am

Hello why me again,

I will be assisting you with your malware issues.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
------------------------------------
If you still need help, please post a new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: virus help please

Unread postby why me again » June 24th, 2008, 2:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:41 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ariel\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 209789 helper - {5C78E2DB-5AFC-4A3B-9B9F-6AF136562E6F} - C:\WINDOWS\system32\209789\209789.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\rqRJCRJb.dll (file missing)
O2 - BHO: (no name) - {AA5B23BE-0608-4800-8BAF-B43BAE38225F} - C:\WINDOWS\system32\xxyyYSIb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Ariel\Local Settings\Temporary Internet Files\Content.IE5\MHC1EFMB\install_sbd_en[1].exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Ariel\Desktop\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-21-3103743714-1770117293-3307107991-1008\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe (User 'Geoffrey')
O4 - HKUS\S-1-5-21-3103743714-1770117293-3307107991-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Geoffrey')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {B4A78D29-52B1-4A7B-BAC0-1471BEDF9836} - http://xscanner.shredderscan.com/setup/webinst.cab
O20 - Winlogon Notify: rqRJCRJb - rqRJCRJb.dll (file missing)
O21 - SSODL: KernelRom - {ef1cf153-4fbe-4c1f-836b-1b0a9b79f822} - C:\WINDOWS\Resources\KernelRom.dll
O21 - SSODL: WinUnknown - {27f44e72-fd65-474a-bdde-8e7aa7d02858} - C:\WINDOWS\Resources\WinUnknown.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Access Connection Manager RasManW32Time (RasManW32Time) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8793 bytes
why me again
Active Member
 
Posts: 3
Joined: June 20th, 2008, 12:13 pm

Re: virus help please

Unread postby chryssi2001 » June 25th, 2008, 7:22 am

Hello why me again,

You have a lot of infections in there, so we might need some time. Be patient, and if you are not sure about my instructions, please ask.

Let's start work now. :)
----------------------------------------------
Do you know what is this?

Remote Access Connection Manager RasManW32Time
----------------------------------------------
Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system32\~.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
----------------------------------------------
Download and Run RogueRemover

Download RogueRemover by Rubber Ducky from here
  • Double-click on rr-free-setup.exe to start the installation of RogueRemover
  • Click Next then click I agree and finally click Install
  • Untick Show Readme and click Finish
  • This will now launch RogueRemover
  • Close the help window
  • Click Check for updates
  • If there are any updates found click Download
  • Wait for any updates to finish downloading/installing, then click Close in the update window
  • Click on Scan
  • If nothing is found, then close RogueRemover
  • If RogueRemover did find something, it will present a list of detected items
  • Click Remove selected
  • Click YES at the prompt
  • Click Ok when it informs you it's saved a logfile
  • Wait for removal to complete & then close RogueRemover
  • Use notepad to open this file
    • C:\Program Files\RogueRemover\RRLog******.txt
  • (Note: ****** is the time when you ran RogueRemover)
Please post those results in your next reply.
----------------------------------------------
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
----------------------------------------------
Post back:
Jotti results.
RogueRemover report.
SDFix report.
A new Hijackthis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: virus help please

Unread postby why me again » June 25th, 2008, 12:46 pm

thanks for your help

I do not know what "Remote Access Connection Manager RasManW32Time" is or means.
Also I do not have a file named ~.exe in my c:/windows/system32 directory to upload to Jotti



Malwarebytes' RogueRemover
Malwarebytes ©2007 http://www.malwarebytes.org
6526 total fingerprints loaded.

Loading database ...
Expanding environmental variables ...

Scanning files ... [ 100% ].
Scanning folders ... [ 100% ].
Scanning registry keys ... [ 100% ].
Scanning registry values ... [ 100% ].

RogueRemover has detected rogue antispyware components! Results below...

Type: File
Vendor: Rogue.Infector
Location: C:\WINDOWS\system32\dcggain.dll
Selected for removal: Yes

Type: File
Vendor: VirusHeat
Location: C:\Documents and Settings\Ariel\Start Menu\VirusHeat 4.3.lnk
Selected for removal: Yes

Type: Folder
Vendor: Rogue.Misc
Location: C:\WINDOWS\privacy_danger
Selected for removal: Yes

Type: Registry Key
Vendor: Rogue.Infector
Location: HKEY_CLASSES_ROOT\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}
Selected for removal: Yes

Type: Registry Key
Vendor: Rogue.Misc
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
Selected for removal: Yes

Type: Registry Key
Vendor: Rogue.Misc
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp
Selected for removal: Yes

Type: Registry Key
Vendor: Rogue.Misc
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin
Selected for removal: Yes

Type: Registry Value
Vendor: Rogue.Infector
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}
Selected for removal: Yes

RogueRemover has found the objects above.



SDFix: Version 1.197
Run by Ariel on Wed 06/25/2008 at 11:22 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\Resources\KernelRom.dll - Deleted
C:\WINDOWS\Resources\WinUnknown.dll - Deleted
C:\WINDOWS\RETADP~1.EXE - Deleted
C:\Program Files\tmp0.exe - Deleted
C:\Program Files\tmp1.exe - Deleted
C:\Program Files\tmp2.exe - Deleted
C:\Program Files\tmp3.exe - Deleted
C:\Documents and Settings\Ariel\Application Data\TmpRecentIcons\AntiSpywareMaster.lnk - Deleted
C:\Documents and Settings\Ariel\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk - Deleted
C:\Documents and Settings\Ariel\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk - Deleted
C:\Documents and Settings\Ariel\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Ariel\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Ariel\Favorites\Spyware&Malware Protection.url - Deleted
C:\DOCUME~1\Ariel\LOCALS~1\Temp\zfe2.exe - Deleted
C:\WINDOWS\retadpu72.exe - Deleted
C:\Documents and Settings\Ariel\Favorites\Online Security Test.url - Deleted
C:\DOCUME~1\Ariel\LOCALS~1\Temp\ProductPath\pgs.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\svc.exe - Deleted
C:\WINDOWS\system32\209789\209789.dll - Deleted
C:\WINDOWS\wr.txt - Deleted



Folder C:\Documents and Settings\Ariel\Start Menu\XP Antivirus 2008 - Removed
Folder C:\WINDOWS\system32\209789 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 11:30:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:Earthlink"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 23 Oct 2007 140,288 ..SHR --- "C:\Program Files\PhoTags\Setup.exe"
Sun 25 Jul 2004 40,448 A.SHR --- "C:\Program Files\PhoTags\_Setupx.dll"
Sun 25 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 22 Jan 2008 29,184 ...H. --- "C:\Documents and Settings\Ariel\My Documents\~WRL1935.tmp"
Fri 20 Jun 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
Fri 11 Aug 2006 1,516 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2.tmp"
Tue 23 Oct 2007 72,704 ..SHR --- "C:\Documents and Settings\Geoffrey\Local Settings\Temp\sdexe.exe"
Sun 18 Mar 2007 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sun 18 Mar 2007 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"

Finished!



Logfile of Trend Micro

HijackThis v2.0.2
Scan saved at 11:45:33 AM,

on 6/25/2008
Platform: Windows XP SP2

(WinNT 5.01.2600)
MSIE: Internet Explorer

v6.00 SP2

(6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32

\smss.exe
C:\WINDOWS\system32

\winlogon.exe
C:\WINDOWS\system32

\services.exe
C:\WINDOWS\system32

\lsass.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\System32

\svchost.exe
C:\Program

Files\Common

Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32

\spoolsv.exe
C:\Program

Files\Common

Files\LightScribe\LSSrvc.

exe
C:\Program Files\Norton

AntiVirus\navapsvc.exe
C:\WINDOWS\system32

\svchost.exe
C:\WINDOWS\Explorer.E

XE
C:\WINDOWS\system32

\wscntfy.exe
C:\Program

Files\Synaptics\SynTP\S

ynTPLpr.exe
C:\Program

Files\Synaptics\SynTP\S

ynTPEnh.exe
C:\Program

Files\Java\jre1.6.0_03

\bin\jusched.exe
C:\Program

Files\QuickTime\qttask.ex

e
C:\hp\drivers\hplsbwatch

er\lsburnwatcher.exe
C:\Program

Files\Common

Files\InstallShield\Update

Service\issch.exe
C:\WINDOWS\system32

\igfxtray.exe
C:\Program Files\Hp\HP

Software

Update\HPWuSchd2.exe
C:\WINDOWS\system32

\hkcmd.exe
C:\Program

Files\HPQ\Quick Launch

Buttons\EabServr.exe
C:\Program

Files\Common

Files\Symantec

Shared\ccApp.exe
C:\Program

Files\iTunes\iTunesHelper

.exe
C:\Program Files\BillP

Studios\WinPatrol\winpatr

ol.exe
C:\Program

Files\iPod\bin\iPodServic

e.exe
C:\Program

Files\Messenger\msmsgs.

exe
C:\Documents and

Settings\Ariel\Desktop\Hij

ackThis.exe
C:\Program Files\Internet

Explorer\IEXPLORE.EXE

O2 - BHO: AcroIEHlprObj

Class - {06849E9F-C8D7

-4D59-B87D-

784B7D6BE0B3} -

C:\Program

Files\Adobe\Acrobat 6.0

\Reader\ActiveX\AcroIEH

elper.dll
O2 - BHO: SSVHelper

Class - {761497BB-D6F0-

462C-B6EB-

D4DAF1D92D43} -

C:\Program

Files\Java\jre1.6.0_03

\bin\ssv.dll
O2 - BHO: (no name) -

{AA5B23BE-0608-4800-

8BAF-B43BAE38225F} -

C:\WINDOWS\system32

\xxyyYSIb.dll (file missing)
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-

A544-FADC6B084872} -

C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Norton

AntiVirus - {42CDD1BF-

3FFB-4238-8AD1-

7859DF00B1D6} -

C:\Program Files\Norton

AntiVirus\NavShExt.dll
O4 - HKLM\..\Run:

[SynTPLpr] C:\Program

Files\Synaptics\SynTP\S

ynTPLpr.exe
O4 - HKLM\..\Run:

[SynTPEnh] C:\Program

Files\Synaptics\SynTP\S

ynTPEnh.exe
O4 - HKLM\..\Run:

[SunJavaUpdateSched]

"C:\Program

Files\Java\jre1.6.0_03

\bin\jusched.exe"
O4 - HKLM\..\Run:

[QuickTime Task]

"C:\Program

Files\QuickTime\qttask.ex

e" -atboottime
O4 - HKLM\..\Run:

[LSBWatcher]

c:\hp\drivers\hplsbwatche

r\lsburnwatcher.exe
O4 - HKLM\..\Run:

[ISUSScheduler]

"C:\Program

Files\Common

Files\InstallShield\Update

Service\issch.exe" -start
O4 - HKLM\..\Run:

[ISUSPM Startup]

C:\PROGRA~1

\COMMON~1\INSTAL~1

\UPDATE~1\ISUSPM.exe

-startup
O4 - HKLM\..\Run:

[IgfxTray]

C:\WINDOWS\system32

\igfxtray.exe
O4 - HKLM\..\Run:

[hpWirelessAssistant] "%

ProgramFiles%\HPQ\HP

Wireless Assistant\HP

Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP

Software Update]

C:\Program Files\Hp\HP

Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run:

[HotKeysCmds]

C:\WINDOWS\system32

\hkcmd.exe
O4 - HKLM\..\Run:

[eabconfg.cpl] C:\Program

Files\HPQ\Quick Launch

Buttons\EabServr.exe

/Start
O4 - HKLM\..\Run:

[Cpqset] C:\Program

Files\HPQ\Default

Settings\cpqset.exe
O4 - HKLM\..\Run:

[ccRegVfy] "C:\Program

Files\Common

Files\Symantec

Shared\ccRegVfy.exe"
O4 - HKLM\..\Run:

[ccApp] "C:\Program

Files\Common

Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run:

[iTunesHelper]

C:\Program

Files\iTunes\iTunesHelper

.exe
O4 - HKLM\..\Run:

[WinPatrol] C:\Program

Files\BillP

Studios\WinPatrol\winpatr

ol.exe -expressboot
O4 - HKCU\..\Run:

[MSMSGS] "C:\Program

Files\Messenger\msmsgs.

exe" /background
O4 - HKCU\..\Run:

[HijackThis startup scan]

C:\Documents and

Settings\Ariel\Desktop\Hij

ackThis.exe /startupscan
O4 - HKUS\S-1-5-18

\..\Run: [ALUAlert]

C:\Program

Files\Symantec\LiveUpdat

e\ALUNotify.exe (User

'SYSTEM')
O4 -

HKUS\.DEFAULT\..\Run:

[ALUAlert] C:\Program

Files\Symantec\LiveUpdat

e\ALUNotify.exe (User

'Default user')
O4 - Global Startup:

Microsoft Office.lnk =

C:\Program

Files\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu

item: &Google Search -

res://c:\program

files\google\GoogleToolba

r2.dll/cmsearch.html
O8 - Extra context menu

item: &Translate English

Word - res://c:\program

files\google\GoogleToolba

r2.dll/cmwordtrans.html
O8 - Extra context menu

item: Backward Links -

res://c:\program

files\google\GoogleToolba

r2.dll/cmbacklinks.html
O8 - Extra context menu

item: Cached Snapshot of

Page - res://c:\program

files\google\GoogleToolba

r2.dll/cmcache.html
O8 - Extra context menu

item: E&xport to Microsoft

Excel -

res://C:\PROGRA~1

\MICROS~4\Office10

\EXCEL.EXE/3000
O8 - Extra context menu

item: Similar Pages -

res://c:\program

files\google\GoogleToolba

r2.dll/cmsimilar.html
O8 - Extra context menu

item: Translate Page into

English - res://c:\program

files\google\GoogleToolba

r2.dll/cmtrans.html
O9 - Extra button: (no

name) - {08B0E5C0-

4FCB-11CF-AAA5-

00401C608501} -

C:\Program

Files\Java\jre1.6.0_03

\bin\ssv.dll
O9 - Extra 'Tools'

menuitem: Sun Java

Console - {08B0E5C0-

4FCB-11CF-AAA5-

00401C608501} -

C:\Program

Files\Java\jre1.6.0_03

\bin\ssv.dll
O9 - Extra button:

Research - {92780B25-

18CC-41C8-B9BE-

3C9C571A8263} -

C:\PROGRA~1

\MICROS~4\OFFICE11

\REFIEBAR.DLL
O9 - Extra button:

Messenger - {FB5F1910-

F110-11d2-BB9E-

00C04F795683} -

C:\Program

Files\Messenger\msmsgs.

exe
O9 - Extra 'Tools'

menuitem: Windows

Messenger - {FB5F1910-

F110-11d2-BB9E-

00C04F795683} -

C:\Program

Files\Messenger\msmsgs.

exe
O14 - IERESET.INF:

START_PAGE_URL=http:/

/ie.redirect.hp.com/svs/rd

r?

TYPE=3&tp=iehome&local

e=EN_US&c=Q305&bd=pa

vilion&pf=laptop
O16 - DPF: {B4A78D29-

52B1-4A7B-BAC0-

1471BEDF9836} -

http://xscanner.shredders

can.com/setup/webinst.ca

b
O23 - Service: Symantec

Event Manager (ccEvtMgr)

- Symantec Corporation -

C:\Program

Files\Common

Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec

Password Validation

Service (ccPwdSvc) -

Symantec Corporation -

C:\Program

Files\Common

Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: HP WMI

Interface (hpqwmi) -

Hewlett-Packard

Development Company,

L.P. - C:\Program

Files\HPQ\SHARED\HPQ

WMI.exe
O23 - Service: InstallDriver

Table Manager (IDriverT) -

Macrovision Corporation -

C:\Program

Files\Common

Files\InstallShield\Driver\

1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service

(iPodService) - Apple

Computer, Inc. -

C:\Program

Files\iPod\bin\iPodServic

e.exe
O23 - Service:

LightScribeService Direct

Disc Labeling Service

(LightScribeService) -

Unknown owner -

C:\Program

Files\Common

Files\LightScribe\LSSrvc.

exe
O23 - Service:

MSCSPTISRV - Sony

Corporation - C:\Program

Files\Common Files\Sony

Shared\AVLib\MSCSPTIS

RV.exe
O23 - Service: Norton

AntiVirus Auto Protect

Service (navapsvc) -

Symantec Corporation -

C:\Program Files\Norton

AntiVirus\navapsvc.exe
O23 - Service:

PACSPTISVR - Sony

Corporation - C:\Program

Files\Common Files\Sony

Shared\AVLib\PACSPTIS

VR.exe
O23 - Service: Remote

Access Connection

Manager RasManW32Time

(RasManW32Time) -

Unknown owner -

C:\WINDOWS\system32

\~.exe (file missing)
O23 - Service:

ScriptBlocking Service

(SBService) - Symantec

Corporation -

C:\PROGRA~1

\COMMON~1

\SYMANT~1\SCRIPT~1

\SBServ.exe
O23 - Service: Sony SPTI

Service (SPTISRV) - Sony

Corporation - C:\Program

Files\Common Files\Sony

Shared\AVLib\SPTISRV.e

xe
O23 - Service: SonicStage

SCSI Service (SSScsiSV) -

Sony Corporation -

C:\Program

Files\Common Files\Sony

Shared\AVLib\SSScsiSV.

exe
O24 - Desktop Component

0: Privacy Protection -

file:///C:\WINDOWS\priv

acy_danger\index.htm

--
End of file - 7592 bytes
why me again
Active Member
 
Posts: 3
Joined: June 20th, 2008, 12:13 pm

Re: virus help please

Unread postby chryssi2001 » June 25th, 2008, 1:19 pm

Hello why me again,

Please remove RogueRemover, and the report it created, as we will not need it anymore.
----------------------------------------------
LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See in this link details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Ariel\Desktop\HijackThis.exe /startupscan

Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
Your HijackThis log, is messed up, thus unreadable. This is caused by having Word Wrap checked.
So before posting a new Hijackthis Log:

1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears un-checked.
----------------------------------------------
Post back:
Programs list.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: virus help please

Unread postby Elrond » June 30th, 2008, 3:25 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Elrond
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 36 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware