Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please help me to get rid of viruses

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: please help me to get rid of viruses

Unread postby chryssi2001 » October 25th, 2008, 2:03 am

Hello omardomard,

Do not worry about my time, it's ok.

It looks that Malwarebytes' Anti-Malware needed to run a 2nd time.
Now every infections it showed is removed.
----------------------------------------------
Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:
C:\Program Files\win32pad_1_5_10\win32pad.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
----------------------------------------------
JavaRa

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, and copy/paste it back in this topic.
  • In case the logfile doesn't pop up, you can find it here: C:\JavaRa.log
----------------------------------------------
Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 7.
  • Go to http://java.sun.com/products/archive/j2se/6u7/index.html
  • Click on Download JRE
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u7-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
----------------------------------------------
Post back:
Jotti results.
JavaRa report.
Kaspersky report.
A new HijackThis log.
Tell me how the pc is running now.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
Advertisement
Register to Remove

Re: please help me to get rid of viruses

Unread postby omardomard » October 25th, 2008, 10:01 pm

hellow chryssi2001 thats the orderd files:
but give me sometime to see the state of my pc.

1-Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%

File: win32pad.exe
Status: OK
MD5: 91b3ba248de2287418a10a78f55bfa41
Packers detected: -




2-JavaRa 1.11 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sat Oct 25 20:22:36 2008

Found and removed: C:\Windows\System32\jpicpl32.cpl Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510007 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510007 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510007 Found and removed: SOFTWARE\Classes\JavaPlugin.150_07 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_07 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_07 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150070} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_07 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_07\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting.



3-Malwarebytes' Anti-Malware 1.30
Database version: 1312
Windows 5.1.2600 Service Pack 2, v.2096

26/10/2008 12:53:37 AM
mbam-log-2008-10-26 (00-53-37).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 69683
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\ad[2].css (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.vbs (Trojan.Agent) -> Quarantined and deleted successfully.



--------------------------------------------------------------------------------
4-KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2, v.2096 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 25, 2008 21:35:00
Records in database: 1346615
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 29887
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:30:28

No malware has been detected. The scan area is clean.

The selected area was scanned.



5-Logfile of HijackThis v1.99.1
Scan saved at 3:47:08 AM, on 26/10/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\setup\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\supervisor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Download Manager\bin\IDMan.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E9C819-D588-4ACD-8B05-CA52741F53C6}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\setup\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
omardomard
Active Member
 
Posts: 12
Joined: October 14th, 2008, 6:17 pm

Re: please help me to get rid of viruses

Unread postby omardomard » October 25th, 2008, 11:13 pm

Hellow chrysi2001, i,d like to tell you that my avg antivirus scheduled scan finished 25/10/2008 found 14 infections and one warning.
The virus vault contains many infections starting from 10/10/2008 till 23/10/2008.The resident shield detection list contains 1680 records starting from 10/10/2008 till 26/10/2008.What i can do with this infections ,detections and warnings to be in the safe side.
Many alerts from avg denoting that threat detected or threat removed are still rising when starting IE browser or yahoo messenger.In addition IE takes a long time to start.
omardomard
Active Member
 
Posts: 12
Joined: October 14th, 2008, 6:17 pm

Re: please help me to get rid of viruses

Unread postby chryssi2001 » October 26th, 2008, 2:00 am

Hello omardomard,

The resident shield detection list contains 1680 records starting from 10/10/2008 till 26/10/2008.What i can do with this infections ,detections and warnings to be in the safe side.

Can you copy the latest ones like the ones for 25.10.08 and 26.10.08 here? And then move them all to virus vault, and empty it.

It looks there is still some infection there.
----------------------------------------------
Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Then close all windows except Hijackthis and click Fix Checked
----------------------------------------------
With HijackThis still open i need this:

LIST OF PROGRAMS USING HIJACKTHIS
  • Go in Main Tab.
  • If you can't see it click on "Misc. Tools"
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See in this link details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
----------------------------------------------
FileLook

Please download FileLook by jpshortstuff from one of these mirrors:
Link 1
Link 2
  • Double-click FileLook.exe to run it. (Vista users will almost certainly have to right click and select Run As Administrator)
  • Ensure that the BBCode Ouput checkbox is checked.
  • Copy the content of the following codebox into the main textfield:

    Code: Select all
    HBmhly.dll /s
    HBSO2.dll /s
    HBFY.dll /s
    HBKDXY.dll /s
    HBZHUXIAN.dll /s
    HBBO.dll /s
    HBCHIBI.dll /s
    HBQQSG.dll /s
    HBQQFFO.dll /s
    HBZG.dll /s

  • Click the FileLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at C:\fl_log.txt
----------------------------------------------
Post back:
A new HijackThis log.
Programs list.
FileLook report.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: please help me to get rid of viruses

Unread postby omardomard » October 26th, 2008, 6:32 pm

Hellow chryssi2001 , thats the requested post

1-avg detection 25/10 and 26/10/2008
Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"

Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[1].htm";"Deleted";"25/10/2008, 12:06:37 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[2].htm";"Infected";"25/10/2008, 12:06:41 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\sina[1].htm";"Infected";"25/10/2008, 12:06:49 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\14[2].htm";"Infected";"25/10/2008, 12:06:52 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[2].htm";"Infected";"25/10/2008, 12:06:55 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\re11[2].htm";"Infected";"25/10/2008, 12:07:01 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\sina[2].htm";"Infected";"25/10/2008, 12:07:04 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\14[2].htm";"Infected";"25/10/2008, 12:07:11 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\office[2].htm";"Infected";"25/10/2008, 12:07:18 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\re11[2].htm";"Infected";"25/10/2008, 12:07:24 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\ihhh[1].htm";"Infected";"25/10/2008, 12:07:31 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\ihhh[1].htm";"Infected";"25/10/2008, 12:07:42 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:08:22 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:08:26 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[2].htm";"Deleted";"25/10/2008, 12:08:53 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\index[1].htm";"Infected";"25/10/2008, 12:08:58 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\sina[2].htm";"Infected";"25/10/2008, 12:09:04 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\14[2].htm";"Infected";"25/10/2008, 12:09:08 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\office[2].htm";"Infected";"25/10/2008, 12:09:12 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\re11[2].htm";"Infected";"25/10/2008, 12:09:16 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\sina[1].htm";"Infected";"25/10/2008, 12:09:19 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\14[3].htm";"Infected";"25/10/2008, 12:09:28 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\office[3].htm";"Infected";"25/10/2008, 12:09:35 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\re11[3].htm";"Infected";"25/10/2008, 12:09:43 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\ihhh[1].htm";"Infected";"25/10/2008, 12:09:49 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\ihhh[1].htm";"Infected";"25/10/2008, 12:09:54 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:10:08 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:10:12 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\index[1].htm";"Deleted";"25/10/2008, 12:12:57 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\index[1].htm";"Infected";"25/10/2008, 12:13:01 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\sina[1].htm";"Infected";"25/10/2008, 12:13:08 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\gbu[1].gif";"Infected";"25/10/2008, 12:13:10 AM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[3].gif";"Infected";"25/10/2008, 12:13:10 AM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\14[3].htm";"Infected";"25/10/2008, 12:13:14 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\office[3].htm";"Infected";"25/10/2008, 12:13:20 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"25/10/2008, 12:13:20 AM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\TEMP\wmsetup.dll";"Infected";"25/10/2008, 12:13:21 AM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\re11[3].htm";"Infected";"25/10/2008, 12:13:27 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\sina[2].htm";"Infected";"25/10/2008, 12:13:32 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\14[2].htm";"Infected";"25/10/2008, 12:13:40 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\office[2].htm";"Infected";"25/10/2008, 12:13:47 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\re11[1].htm";"Infected";"25/10/2008, 12:13:54 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\ihhh[1].htm";"Infected";"25/10/2008, 12:14:01 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\ihhh[2].htm";"Infected";"25/10/2008, 12:14:05 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:14:20 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:14:24 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\index[1].htm";"Deleted";"25/10/2008, 12:17:38 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\index[1].htm";"Infected";"25/10/2008, 12:17:48 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\sina[2].htm";"Infected";"25/10/2008, 12:17:56 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\14[2].htm";"Infected";"25/10/2008, 12:17:59 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\office[2].htm";"Infected";"25/10/2008, 12:18:02 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\re11[1].htm";"Infected";"25/10/2008, 12:18:05 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\sina[1].htm";"Infected";"25/10/2008, 12:18:09 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\14[1].htm";"Infected";"25/10/2008, 12:18:15 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\office[1].htm";"Infected";"25/10/2008, 12:18:20 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\re11[2].htm";"Infected";"25/10/2008, 12:18:25 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\ihhh[2].htm";"Infected";"25/10/2008, 12:18:32 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\ihhh[1].htm";"Infected";"25/10/2008, 12:18:36 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:18:51 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 12:18:54 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\gbu[1].gif";"Infected";"25/10/2008, 12:22:47 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"25/10/2008, 12:22:56 AM";"file";"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\gbu[1].gif";"Infected";"25/10/2008, 12:04:16 PM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"25/10/2008, 8:36:32 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"25/10/2008, 10:54:03 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"25/10/2008, 11:13:10 PM";"file";"C:\WINDOWS\Explorer.EXE"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[1].htm";"Infected";"25/10/2008, 11:44:26 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\ihhh[1].htm";"Infected";"25/10/2008, 11:44:27 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\sina[1].htm";"Infected";"25/10/2008, 11:44:27 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[1].htm";"Infected";"25/10/2008, 11:44:27 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\re11[2].htm";"Infected";"25/10/2008, 11:44:27 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 11:44:35 PM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"25/10/2008, 11:44:35 PM";"file";"C:\WINDOWS\System32\WScript.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[1].htm";"Infected";"26/10/2008, 12:14:37 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[1].htm";"Infected";"26/10/2008, 12:15:24 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[1].htm";"Infected";"26/10/2008, 12:19:07 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\Temp\wmsetup.dll";"Infected";"26/10/2008, 12:33:44 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[1].gif";"Infected";"26/10/2008, 12:34:41 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[2].gif";"Infected";"26/10/2008, 12:34:41 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[3].gif";"Infected";"26/10/2008, 12:34:41 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temp\WMSETUP.DLL";"Infected";"26/10/2008, 12:34:44 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 12:34:45 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\sina[1].htm";"Infected";"26/10/2008, 12:34:53 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\14[1].htm";"Infected";"26/10/2008, 12:34:53 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[1].htm";"Infected";"26/10/2008, 12:34:54 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\gbu[1].gif";"Infected";"26/10/2008, 12:34:54 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\index[1].htm";"Infected";"26/10/2008, 12:34:55 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\re11[2].htm";"Infected";"26/10/2008, 12:34:56 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\gbu[2].gif";"Infected";"26/10/2008, 12:34:57 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\ihhh[1].htm";"Infected";"26/10/2008, 12:35:00 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 12:53:34 AM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\index[1].htm";"Infected";"26/10/2008, 3:31:54 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\ihhh[1].htm";"Infected";"26/10/2008, 3:31:55 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\sina[1].htm";"Infected";"26/10/2008, 3:31:55 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\office[1].htm";"Infected";"26/10/2008, 3:31:55 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\re11[1].htm";"Infected";"26/10/2008, 3:31:56 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 3:31:59 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 3:31:59 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[4].gif";"Infected";"26/10/2008, 3:44:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"26/10/2008, 3:44:04 AM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\TEMP\wmsetup.dll";"Infected";"26/10/2008, 3:44:04 AM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"26/10/2008, 4:04:01 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\index[2].htm";"Infected";"26/10/2008, 4:13:06 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\ihhh[1].htm";"Infected";"26/10/2008, 4:13:08 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\sina[1].htm";"Infected";"26/10/2008, 4:13:08 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[1].htm";"Infected";"26/10/2008, 4:13:08 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\re11[1].htm";"Infected";"26/10/2008, 4:13:08 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 4:13:12 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 4:13:13 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\index[2].htm";"Deleted";"26/10/2008, 5:01:29 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\index[3].htm";"Infected";"26/10/2008, 5:01:29 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\sina[1].htm";"Infected";"26/10/2008, 5:01:30 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\14[1].htm";"Infected";"26/10/2008, 5:01:30 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[1].htm";"Infected";"26/10/2008, 5:01:30 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\re11[1].htm";"Infected";"26/10/2008, 5:01:30 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\ihhh[1].htm";"Infected";"26/10/2008, 5:01:30 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\office[1].htm";"Infected";"26/10/2008, 5:01:31 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5PHJMDL\gbu[2].gif";"Infected";"26/10/2008, 8:49:00 AM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\TEMP\wmsetup.dll";"Infected";"26/10/2008, 8:49:01 AM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"26/10/2008, 8:49:04 AM";"file";"C:\WINDOWS\Explorer.EXE"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\x[1].htm";"Infected";"26/10/2008, 10:34:36 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\sina[1].htm";"Infected";"26/10/2008, 10:34:37 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\ihhh[1].htm";"Infected";"26/10/2008, 10:34:37 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[1].htm";"Infected";"26/10/2008, 10:34:37 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\re11[1].htm";"Infected";"26/10/2008, 10:34:38 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 10:34:44 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 10:34:44 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\x[1].htm";"Deleted";"26/10/2008, 10:35:38 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\x[1].htm";"Infected";"26/10/2008, 10:35:39 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\sina[1].htm";"Infected";"26/10/2008, 10:35:40 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\14[1].htm";"Infected";"26/10/2008, 10:35:40 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[1].htm";"Infected";"26/10/2008, 10:35:40 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\re11[1].htm";"Infected";"26/10/2008, 10:35:40 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\ihhh[1].htm";"Infected";"26/10/2008, 10:35:40 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\sina[1].htm";"Infected";"26/10/2008, 10:35:41 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\office[1].htm";"Infected";"26/10/2008, 10:35:41 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\ihhh[1].htm";"Infected";"26/10/2008, 10:35:41 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 10:35:45 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 10:35:46 AM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"26/10/2008, 6:19:25 PM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\TEMP\wmsetup.dll";"Infected";"26/10/2008, 6:19:25 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\x[1].htm";"Infected";"26/10/2008, 8:25:40 PM";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\office[1].htm";"Infected";"26/10/2008, 8:25:41 PM";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4PWLKCUY\sina[1].htm";"Infected";"26/10/2008, 8:25:44 PM";"file";"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\TEMP\wmsetup.dll";"Infected";"26/10/2008, 8:26:27 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"26/10/2008, 8:26:32 PM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\gbu[2].gif";"Infected";"26/10/2008, 8:39:00 PM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\TEMP\wmsetup.dll";"Infected";"26/10/2008, 8:39:01 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Downloader.Generic7.ORH;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.dll";"Infected";"26/10/2008, 8:39:02 PM";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Downloader.Generic7.ORH;"C:\WINDOWS\Temp\wmsetup.dll";"Infected";"26/10/2008, 10:41:31 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[1].gif";"Infected";"26/10/2008, 10:42:49 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[2].gif";"Infected";"26/10/2008, 10:42:49 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2X87YDWV\gbu[3].gif";"Infected";"26/10/2008, 10:42:49 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5PHJMDL\gbu[1].gif";"Infected";"26/10/2008, 10:42:50 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5PHJMDL\gbu[2].gif";"Infected";"26/10/2008, 10:42:50 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5PHJMDL\gbu[3].gif";"Infected";"26/10/2008, 10:42:50 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5PHJMDL\gbu[4].gif";"Infected";"26/10/2008, 10:42:50 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5PHJMDL\gbu[5].gif";"Infected";"26/10/2008, 10:42:50 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temp\wmsetup.dll";"Infected";"26/10/2008, 10:42:51 PM";"file";"C:\Program Files\ats.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 10:42:54 PM";"file";"C:\Program Files\ats.exe"
Trojan horse Downloader.Generic7.ORH;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\gbu[1].gif";"Infected";"26/10/2008, 10:43:11 PM";"file";"C:\Program Files\ats.exe"
Virus found Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\x[1].htm";"Infected";"26/10/2008, 11:24:23 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTUJKFS5\sina[1].htm";"Infected";"26/10/2008, 11:24:24 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\office[1].htm";"Infected";"26/10/2008, 11:24:24 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Exploit;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CV8R4BC1\re11[1].htm";"Infected";"26/10/2008, 11:24:25 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse JS/Downloader.Agent;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XAHUVQR\ihhh[1].htm";"Infected";"26/10/2008, 11:24:27 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 11:24:34 PM";"file";"C:\WINDOWS\System32\WScript.exe"
Trojan horse PSW.OnlineGames_r.E;"C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.pif";"Infected";"26/10/2008, 11:24:35 PM";"file";"C:\WINDOWS\System32\WScript.exe"


2-Logfile of HijackThis v1.99.1
Scan saved at 12:21:33 AM, on 27/10/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\setup\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\supervisor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Download Manager\bin\IDMan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O8 - Extra context menu item: &Download with &DAP - E:\desktop\c\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - E:\desktop\c\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E9C819-D588-4ACD-8B05-CA52741F53C6}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\setup\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

3-program list using hjt
Ad-Aware
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Anti-Trojan Shield 2
AVG Free 8.0
Calculator Powertoy for Windows XP
ERUNT 1.1j
Free Window Registry Repair
Google Desktop
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Hijackthis 1.99.1
HijackThis 1.99.1
Intel(R) Extreme Graphics Driver Software
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 1.53
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
PhotoFiltre
Picasa 2
RealPlayer
Realtek AC'97 Audio
SpywareBlaster 4.1
TrojanHunter 5.0
Winamp AudioPlayer
Windows Installer 3.1 (KB893803)
WinRAR archiver
Yahoo! Messenger
Zuma Deluxe RA

4-filelook
FileLook.exe v1.0 by jpshortstuff
Log created at 22:16:54 on 26/10/2008

==============================
FileLook - Bmhly.dll /s

Unable to find file.

==============================
FileLook - BSO2.dll /s

Unable to find file.

==============================
FileLook - BFY.dll /s

Unable to find file.

==============================
FileLook - BKDXY.dll /s

Unable to find file.

==============================
FileLook - BZHUXIAN.dll /s

Unable to find file.

==============================
FileLook - BBO.dll /s

Unable to find file.

==============================
FileLook - BCHIBI.dll /s

Unable to find file.

==============================
FileLook - BQQSG.dll /s

Unable to find file.

==============================
FileLook - BQQFFO.dll /s

Unable to find file.

==============================
FileLook - BZG.dll /s

Unable to find file.

==============================

=EOF=
omardomard
Active Member
 
Posts: 12
Joined: October 14th, 2008, 6:17 pm

Re: please help me to get rid of viruses

Unread postby chryssi2001 » October 27th, 2008, 3:03 am

Hello omardomard,

Let's install the newer version of HijackThis.
----------------------------------------------
Download new version of HijackThis
Download HJTInstall.exe to your Desktop.

  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Do not scan now. Just close HijackThis.

----------------------------------------------
Go in Add/remove programs and uninstall:

Old version of HijackThis.
Hijackthis 1.99.1 << (It looks like it's installed twice)
HijackThis 1.99.1

Also this one:
DAP
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

O8 - Extra context menu item: &Download with &DAP - E:\desktop\c\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\desktop\c\Program Files\DAP\dapextie2.htm


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
What is E:\ drive? Please remove DAP from it too.

Did you use ATF-Cleaner as i posted?

Did you remove all the findings of your Anti-Virus to quarantee folder and emptied it? If not please do it.
----------------------------------------------
Let's run another tool to see what else is there.
----------------------------------------------
Download ComboFix from one of these locations:
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this topic if you need help to disable your protection programs.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply along with a HijackThis log so we can continue cleaning the system.
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: please help me to get rid of viruses

Unread postby omardomard » October 28th, 2008, 10:07 pm

Dear chryssi2001 i am sorry to reply late.After installing the combofix my computer take a long time to start with a pop up saying:RUNDLL error loading c/windows update dll the specified module could not be found.IE And other programs could not be opened.As i need to work in my comp, itried to delete this value from the registry .and i deleted it.on starting my comp, now the pop up disappeared but the system still slow and programs still couldn,t opened .i am waiting for you to help me..Now i am using windows in safe mode with network.

as regarding your questions i actually did the exact as u ordered.
thats the logs of combofix and HJT:
but the window of query recovery console did not appear during installaion of combifix

ComboFix 08-10-28.01 - Administrator 2008-10-29 1:13:25.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.268 [GMT 2:00]
Running from: C:\Program Files\Internet Download Manager\Downloads\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\AppPatch\AcXtrnel.sdb
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
C:\WINDOWS\Fonts\Framdee.ttf
C:\WINDOWS\system32\08223B03.cfg
C:\WINDOWS\system32\08223B03.dll
C:\WINDOWS\system32\122B901E.cfg
C:\WINDOWS\system32\122B901E.dll
C:\WINDOWS\system32\12B02216.cfg
C:\WINDOWS\system32\12B02216.dll
C:\WINDOWS\system32\22D75360.cfg
C:\WINDOWS\system32\22D75360.dll
C:\WINDOWS\system32\3474A8C2.cfg
C:\WINDOWS\system32\3474A8C2.dll
C:\WINDOWS\system32\43ACDCC5.cfg
C:\WINDOWS\system32\43ACDCC5.dll
C:\WINDOWS\system32\495271CA.cfg
C:\WINDOWS\system32\495271CA.dll
C:\WINDOWS\system32\4BF9CBA3.cfg
C:\WINDOWS\system32\4BF9CBA3.dll
C:\WINDOWS\system32\4D023DE9.cfg
C:\WINDOWS\system32\4D023DE9.dll
C:\WINDOWS\system32\4F34C688.dll
C:\WINDOWS\system32\5102a80.sys
C:\WINDOWS\system32\58FF3024.cfg
C:\WINDOWS\system32\58FF3024.dll
C:\WINDOWS\system32\9CA963CA.cfg
C:\WINDOWS\system32\9CA963CA.dll
C:\WINDOWS\system32\9F684DE8.dll
C:\WINDOWS\system32\A8FC611B.dll
C:\WINDOWS\system32\CABA599D.dll
C:\WINDOWS\system32\D7C79813.cfg
C:\WINDOWS\system32\D7C79813.dll
C:\WINDOWS\system32\DA63E650.cfg
C:\WINDOWS\system32\DA63E650.dll
C:\WINDOWS\system32\DE02F764.cfg
C:\WINDOWS\system32\DE02F764.dll
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\WINDOWS\system32\E0D39066.dll
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\HBZG.dll
C:\WINDOWS\system32\HBZHUXIAN.dll
C:\windows\system32\system.exe
C:\WINDOWS\temp\wmsetup.dll
C:\WINDOWS\Update.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_5102a80
-------\Service_HBKernel32


((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-29 01:11 . 2008-10-29 01:11 216,520 --ahs---- C:\WINDOWS\system32\01BD9E17.dll
2008-10-29 01:11 . 2008-10-29 01:11 212 --ahs---- C:\WINDOWS\system32\01BD9E17.cfg
2008-10-29 01:09 . 2008-10-29 01:09 216,876 --ahs---- C:\WINDOWS\system32\E3367679.dll
2008-10-29 01:09 . 2008-10-29 01:09 208 --ahs---- C:\WINDOWS\system32\E3367679.cfg
2008-10-29 01:09 . 2008-10-29 01:09 180 --ahs---- C:\WINDOWS\system32\E0D39066.cfg
2008-10-29 01:08 . 2008-10-29 01:08 204 --ahs---- C:\WINDOWS\system32\CABA599D.cfg
2008-10-29 01:07 . 2008-10-29 01:07 184 --ahs---- C:\WINDOWS\system32\9F684DE8.cfg
2008-10-29 01:06 . 2008-10-29 01:06 200 --ahs---- C:\WINDOWS\system32\A8FC611B.cfg
2008-10-29 01:05 . 2008-10-29 01:05 5,504 --a------ C:\WINDOWS\system32\9fd8db.sys
2008-10-28 01:02 . 2008-10-28 01:02 <DIR> d--hs---- C:\FOUND.012
2008-10-28 00:16 . 2008-10-28 00:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 22:43 . 2008-10-26 22:43 <DIR> d-------- C:\Program Files\zip
2008-10-26 05:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 23:09 . 2008-10-25 23:09 <DIR> d-------- C:\WINDOWS\Sun
2008-10-22 18:54 . 2008-10-22 18:54 <DIR> d-------- C:\Program Files\ERUNT
2008-10-21 19:44 . 2008-10-21 19:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-19 21:05 . 2008-10-19 21:05 <DIR> d--hs---- C:\FOUND.011
2008-10-19 01:25 . 2008-10-19 01:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-10-19 01:09 . 2008-10-19 01:09 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-10-17 06:17 . 2008-10-17 06:17 <DIR> d-------- C:\Program Files\up
2008-10-17 06:15 . 2008-10-17 06:15 <DIR> d-------- C:\Program Files\logs
2008-10-17 05:41 . 2008-10-17 05:41 <DIR> d-------- C:\Downloads
2008-10-17 05:41 . 2008-10-17 05:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-10-17 04:49 . 2008-10-17 04:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-17 04:48 . 2008-10-17 04:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-17 03:19 . 2008-10-17 03:19 <DIR> d--hs---- C:\FOUND.010
2008-10-15 16:11 . 2008-10-15 16:11 <DIR> d--hs---- C:\FOUND.009
2008-10-12 03:49 . 2008-10-12 03:49 337 --a------ C:\WINDOWS\ST6UNST.006
2008-10-12 03:16 . 2008-10-12 03:16 706 --a------ C:\WINDOWS\ST6UNST.005
2008-10-12 03:14 . 2008-10-12 03:14 337 --a------ C:\WINDOWS\ST6UNST.004
2008-10-12 03:09 . 2008-10-12 03:09 337 --a------ C:\WINDOWS\ST6UNST.003
2008-10-12 03:02 . 2008-10-12 03:02 337 --a------ C:\WINDOWS\ST6UNST.002
2008-10-12 03:02 . 2008-10-12 03:02 337 --a------ C:\WINDOWS\ST6UNST.001
2008-10-12 02:59 . 2006-12-13 01:01 4,191,868 --------- C:\WINDOWS\Labook.CAB
2008-10-12 02:59 . 2008-10-12 03:49 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-10-12 02:59 . 2008-10-12 02:59 706 --a------ C:\WINDOWS\ST6UNST.000
2008-10-12 02:53 . 2006-09-09 14:00 66,082 --a------ C:\WINDOWS\system32\c_20420.nls
2008-10-12 02:47 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-10-12 02:47 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-10-12 02:47 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-10-12 02:47 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-10-12 02:47 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-10-12 02:47 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-10-12 02:47 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-10-12 02:47 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd106.dll
2008-10-12 02:47 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-10-12 02:47 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-10-12 02:47 . 2001-08-17 14:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2008-10-12 02:47 . 2001-08-17 14:55 5,632 --a------ C:\WINDOWS\system32\dllcache\kbd103.dll
2008-10-12 02:38 . 2008-10-12 02:38 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-11 02:12 . 2008-10-11 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-10-10 22:40 . 2008-10-10 22:40 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-10-10 21:57 . 2008-10-10 21:58 <DIR> dr-h----- C:\AHCache
2008-10-10 16:23 . 2008-10-10 16:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-10-10 14:21 . 2008-10-10 14:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gena01
2008-10-10 14:13 . 2008-10-10 14:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:13 . 2008-10-10 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:13 . 2008-10-10 14:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-10 14:13 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:13 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 03:55 . 2008-10-10 03:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-10 03:47 . 2008-10-10 03:47 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-10 03:47 . 2008-10-10 03:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-10 03:46 . 2008-10-10 03:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-10 03:46 . 2008-10-10 03:46 <DIR> d-------- C:\Program Files\AVG
2008-10-10 03:46 . 2008-10-10 03:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-10 03:46 . 2008-10-10 03:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-10-10 03:46 . 2008-10-10 03:47 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-10 03:26 . 2008-10-10 03:26 <DIR> d--hs---- C:\FOUND.008
2008-10-10 03:21 . 2008-10-10 03:21 <DIR> d--hs---- C:\FOUND.007
2008-10-10 03:15 . 2008-10-10 03:15 <DIR> d--hs---- C:\FOUND.006
2008-10-10 03:01 . 2008-10-10 03:01 <DIR> d--hs---- C:\FOUND.005
2008-10-10 02:50 . 2008-10-10 02:50 <DIR> d--hs---- C:\FOUND.004
2008-10-10 02:37 . 2008-10-10 02:37 <DIR> d--hs---- C:\FOUND.003
2008-10-10 02:35 . 2008-10-10 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-10-10 02:19 . 2008-10-10 02:19 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-10-10 02:08 . 2008-10-29 01:09 68 --a------ C:\WINDOWS\IDMan.INI
2008-10-10 01:35 . 2008-10-11 20:50 1,417 --a------ C:\WINDOWS\SysMech6.INI
2008-10-10 01:17 . 2008-10-10 01:17 <DIR> d-------- C:\Program Files\iolo
2008-10-09 18:35 . 2008-10-09 18:35 <DIR> d--hs---- C:\FOUND.002
2008-10-09 02:14 . 2008-10-09 02:14 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-10-09 02:10 . 2008-10-09 02:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-10-09 02:07 . 2008-08-26 15:23 118,784 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-10-09 02:03 . 2008-10-09 02:03 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-10-09 01:19 . 2008-10-09 01:19 <DIR> d--hs---- C:\FOUND.001
2008-10-09 00:36 . 2008-10-09 00:36 <DIR> d--hs---- C:\FOUND.000
2008-10-09 00:31 . 2008-10-09 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-10-09 00:31 . 2008-10-09 00:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2008-10-09 00:28 . 2008-10-09 00:28 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-10-08 22:11 . 2008-10-08 22:11 196 --ahs---- C:\WINDOWS\system32\E14DEE75.cfg
2008-10-08 11:43 . 2008-10-08 11:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-08 01:44 . 2008-10-08 01:44 240 --ahs---- C:\WINDOWS\system32\D23B0004.cfg
2008-10-08 01:44 . 2008-10-08 01:44 200 --ahs---- C:\WINDOWS\system32\AF05A291.cfg
2008-10-08 01:42 . 2008-10-29 01:11 376 --ahs---- C:\WINDOWS\system32\4F34C688.cfg
2008-09-28 17:47 . 2008-10-10 22:14 169 --a------ C:\WINDOWS\RtlRack.ini
2008-09-28 12:23 . 2008-10-09 22:42 10 --a------ C:\WINDOWS\popcinfo.dat
2008-09-28 03:37 . 2008-09-28 03:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-28 03:26 . 2008-09-28 03:26 <DIR> d--hs---- C:\Recycled
2008-09-28 03:23 . 2008-09-28 03:23 <DIR> d-------- C:\Program Files\Real
2008-09-28 03:23 . 2008-09-28 03:23 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-28 03:23 . 2008-09-28 03:23 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-28 03:13 . 2008-09-28 03:13 <DIR> d-------- C:\Program Files\Picasa2
2008-09-28 03:13 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-28 03:13 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-28 03:09 . 2008-09-28 03:09 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-09-28 03:05 . 2008-09-28 03:05 <DIR> d-------- C:\Program Files\Google
2008-09-28 03:05 . 2008-09-28 03:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-28 02:47 . 2006-06-01 14:54 140,984 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-09-28 02:45 . 2008-09-28 02:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-09-28 02:27 . 2008-09-28 02:27 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-09-28 02:27 . 2008-09-28 02:27 <DIR> d-------- C:\Program Files\XoftSpySE
2008-09-28 02:27 . 2008-09-28 02:27 <DIR> d-------- C:\Program Files\win32pad_1_5_10
2008-09-28 02:26 . 2008-09-28 02:26 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-28 02:26 . 2008-09-28 02:26 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-09-28 02:26 . 2008-09-28 02:26 <DIR> d-------- C:\Program Files\Java
2008-09-28 02:26 . 2008-09-28 02:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-28 02:25 . 2008-09-28 02:25 <DIR> d-------- C:\Program Files\VMware
2008-09-28 02:16 . 2008-09-28 02:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-28 02:12 . 2008-09-28 02:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-09-28 02:04 . 2001-08-17 13:47 205,056 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2008-09-28 02:04 . 2001-08-17 13:47 205,056 --a------ C:\WINDOWS\system32\dllcache\dot4.sys
2008-09-28 02:04 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-09-28 02:04 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-09-28 02:01 . 2006-01-30 18:00 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE
2008-09-28 02:01 . 2006-01-30 18:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 22:12 13,824 --sha-w C:\Program Files\Thumbs.db
2008-10-17 04:18 63 ----a-w C:\Program Files\update.txt
2008-10-17 04:18 413,574 ----a-w C:\Program Files\vr2.pd5
2008-10-17 04:18 3,566 ----a-w C:\Program Files\rg.pdr
2008-10-17 04:18 27 ----a-w C:\Program Files\vr2.txt
2008-10-17 04:18 25 ----a-w C:\Program Files\rg.txt
2008-10-17 04:18 12 ----a-w C:\Program Files\lastupdatedate.txt
2008-10-17 04:17 95,288 ----a-w C:\Program Files\tr1.pd5
2008-10-17 04:17 9 ----a-w C:\Program Files\filelistexe3.txt
2008-10-17 04:17 79,292 ----a-w C:\Program Files\tr2.pd5
2008-10-17 04:17 35 ----a-w C:\Program Files\servers.txt
2008-10-17 04:17 27 ----a-w C:\Program Files\tr1.txt
2008-10-17 04:17 26 ----a-w C:\Program Files\tr2.txt
2008-10-17 04:17 16 ----a-w C:\Program Files\infopdg3.txt
2008-10-17 04:17 125 ----a-w C:\Program Files\descr.txt
2008-10-17 04:16 33 ----a-w C:\Program Files\cldir.ini
2008-09-28 01:23 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-27 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 23:50 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-09-27 23:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-27 23:50 --------- d-----w C:\Program Files\AvRack
2008-09-27 23:47 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-27 23:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-27 23:45 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-27 23:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-27 23:43 --------- d-----w C:\Program Files\Yahoo!
2008-09-27 23:43 --------- d-----w C:\Program Files\Winamp
2008-09-27 23:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-27 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-27 23:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\bsplayer
2008-09-27 23:34 --------- d-----w C:\Program Files\microsoft frontpage
2005-07-06 23:21 1,908,736 ----a-w C:\Program Files\ats.exe
2005-07-04 23:13 784,062 ----a-w C:\Program Files\vr1.pd5
2005-07-04 23:13 27 ----a-w C:\Program Files\vr1.txt
2005-06-17 18:51 2,847 ----a-w C:\Program Files\Order.frm.txt
2005-06-16 09:31 1,817 ----a-w C:\Program Files\Order.txt
2005-06-16 09:27 4,092 ----a-w C:\Program Files\Readme.txt
2005-06-16 09:23 4,666 ----a-w C:\Program Files\License.txt
2005-06-16 09:22 343,885 ----a-w C:\Program Files\ats.chm
2005-06-14 22:44 6,813 ----a-w C:\Program Files\msg.txt
2005-05-16 12:39 634 ----a-w C:\Program Files\update.exe.manifest
2005-05-06 22:58 3,287 ----a-w C:\Program Files\index.htm
2005-01-18 23:49 344 ----a-w C:\Program Files\ad1.pd5
2005-01-18 23:49 24 ----a-w C:\Program Files\ad1.txt
2004-12-27 01:26 5,453,776 ----a-w C:\Program Files\m1.pd5
2004-12-27 01:26 27 ----a-w C:\Program Files\m1.txt
2004-12-21 22:41 38,564 ----a-w C:\Program Files\sign1.pdg
2004-12-21 22:41 28 ----a-w C:\Program Files\sign1.txt
2004-08-31 15:53 2,766 ----a-w C:\Program Files\buy_online-over.gif
2004-08-31 15:39 2,764 ----a-w C:\Program Files\buy_offline-over.gif
2004-08-31 15:24 5,223 ----a-w C:\Program Files\ccards.gif
2004-08-31 11:04 2,689 ----a-w C:\Program Files\icon.gif
2004-08-28 23:45 262,656 ----a-w C:\Program Files\d1.exe
2004-01-30 03:31 292,352 ----a-w C:\Program Files\Sysinfo.exe
2003-08-30 14:50 199,168 ----a-w C:\Program Files\Uninstall.exe
2002-07-17 14:30 3 ----a-w C:\Program Files\mask.txt
2002-06-07 06:46 45 ----a-w C:\Program Files\support.txt
2002-03-25 21:35 319,488 ----a-w C:\Program Files\doorsdll.dll
2002-03-25 21:35 313,344 ----a-w C:\Program Files\contmenu.dll
2002-02-16 23:22 92,216 ----a-w C:\Program Files\UnGins.bmp
2002-01-08 01:22 1,448 ----a-w C:\Program Files\pilat.txt
2002-01-08 01:18 437 ----a-w C:\Program Files\file_id.diz
2001-03-01 00:00 73,728 ----a-w C:\Program Files\unacev2.dll
2000-09-05 21:14 3 ----a-w C:\Program Files\maske.txt
1999-02-24 09:56 65,536 ----a-w C:\Program Files\cabinet.dll
1996-05-08 16:38 40,960 ----a-w C:\Program Files\unrar.dll
.

------- Sigcheck -------

2004-03-12 00:19 14336 4347de3681c3c26747ede34f83c580cd C:\WINDOWS\system32\svchost.exe
2004-03-12 02:19 14336 4347de3681c3c26747ede34f83c580cd C:\WINDOWS\system32\dllcache\svchost.exe

2004-03-12 00:18 578048 eb222b7f9cc9280ef967d9593be45ff6 C:\WINDOWS\system32\user32.dll
2004-03-12 02:18 578048 eb222b7f9cc9280ef967d9593be45ff6 C:\WINDOWS\system32\dllcache\user32.dll

2004-03-12 00:18 82944 dd949be06f409695546b637ba0c5c157 C:\WINDOWS\system32\ws2_32.dll
2004-03-12 02:18 82944 dd949be06f409695546b637ba0c5c157 C:\WINDOWS\system32\dllcache\ws2_32.dll

2004-03-12 00:18 642560 ba920f608340dec4a92859d30a11c9c8 C:\WINDOWS\system32\wininet.dll
2004-03-12 02:18 642560 ba920f608340dec4a92859d30a11c9c8 C:\WINDOWS\system32\dllcache\wininet.dll

2004-03-11 23:11 356992 7347c92a9e8a92c67d57695f9bf4e824 C:\WINDOWS\system32\drivers\tcpip.sys
2004-03-11 23:11 356992 7347c92a9e8a92c67d57695f9bf4e824 C:\WINDOWS\system32\dllcache\tcpip.sys

2004-03-12 00:19 504320 289779c0f5491441d1722b4d083ff9d9 C:\WINDOWS\system32\winlogon.exe
2004-03-12 02:19 504320 289779c0f5491441d1722b4d083ff9d9 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-03-11 23:11 182144 db8ea964c507dfc0445e63c9a6ce6b42 C:\WINDOWS\system32\drivers\ndis.sys
2004-03-11 23:11 182144 db8ea964c507dfc0445e63c9a6ce6b42 C:\WINDOWS\system32\dllcache\ndis.sys

2004-03-11 22:48 32512 b390ca36ea188d82c73a76970523482b C:\WINDOWS\system32\drivers\ip6fw.sys
2004-03-11 22:48 32512 b390ca36ea188d82c73a76970523482b C:\WINDOWS\system32\dllcache\ip6fw.sys

2004-03-12 00:28 2069888 bf6c4f5e2a96c59dbe716ee8cf7979b9 C:\WINDOWS\system32\ntkrnlpa.exe

2004-03-11 23:15 2195584 93c7aaa15e40e450bb00ecaa51e0eb3f C:\WINDOWS\system32\ntoskrnl.exe

2004-03-12 00:19 1028608 6e1ca84156307d081433e5e227c0a635 C:\WINDOWS\explorer.exe
2004-03-12 00:19 1028608 6e1ca84156307d081433e5e227c0a635 C:\WINDOWS\system32\dllcache\explorer.exe

2004-03-12 00:19 108032 4f4c5d0e3fe040c2add3aa50390890bf C:\WINDOWS\system32\services.exe
2004-03-12 02:19 108032 4f4c5d0e3fe040c2add3aa50390890bf C:\WINDOWS\system32\dllcache\services.exe

2004-03-12 00:19 13312 37d4032efeac1bb4fb4dfdbbb726f510 C:\WINDOWS\system32\lsass.exe
2004-03-12 02:19 13312 37d4032efeac1bb4fb4dfdbbb726f510 C:\WINDOWS\system32\dllcache\lsass.exe

2004-03-12 00:18 14336 eacbaee1fd3dd9a7635d6d7140c08dde C:\WINDOWS\system32\ctfmon.exe
2004-03-12 00:18 14336 eacbaee1fd3dd9a7635d6d7140c08dde C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-03-12 00:19 56832 f7dd8ab638d63e57263d22ea6e23ab2e C:\WINDOWS\system32\spoolsv.exe
2004-03-12 00:19 56832 f7dd8ab638d63e57263d22ea6e23ab2e C:\WINDOWS\system32\dllcache\spoolsv.exe

2004-03-12 02:19 111616 17a4629e268212dbfcef95c48c761a06 C:\WINDOWS\system32\wuauclt.exe
2004-03-12 02:19 111616 17a4629e268212dbfcef95c48c761a06 C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-03-12 00:19 24576 03d0e4f79efcea6fbee84c0264ccb8bf C:\WINDOWS\system32\userinit.exe
2004-03-12 00:19 24576 03d0e4f79efcea6fbee84c0264ccb8bf C:\WINDOWS\system32\dllcache\userinit.exe

2004-03-12 02:18 294400 452a08e633e8726b8d849f2ad21bf494 C:\WINDOWS\system32\termsrv.dll
2004-03-12 02:18 294400 452a08e633e8726b8d849f2ad21bf494 C:\WINDOWS\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-28_21.07.21.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-03-11 22:18:42 20,480 ----a-w C:\WINDOWS\system32\upnpsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 39408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 14336]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-05-02 3334144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2002-10-15 114688]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 29744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-28 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-03-12 14336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Upnp"= {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll [2004-03-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=HBmhly.dll,HBZHUXIAN.dll,HBZG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-10 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-10 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-10 76040]
S2 nvmini;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys [ ]
S3 9fd8db;9fd8db;C:\WINDOWS\system32\9fd8db.sys [2008-10-29 5504]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-28 29744]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57} - A8FC611B.dll
ShellExecuteHooks-{9F684DE8-3E87-4174-9033-E02A3DFD8B61} - 9F684DE8.dll
ShellExecuteHooks-{CABA599D-5089-4865-9420-E41FA3C1F55F} - CABA599D.dll
ShellExecuteHooks-{E3367679-4775-4244-A62E-4CFE58FC850B} - E3367679.dll
ShellExecuteHooks-{E0D39066-96D7-4891-8527-488ADAFCD60F} - E0D39066.dll
ShellExecuteHooks-{4F34C688-FD49-42FC-97F7-87D2F5791612} - 4F34C688.dll
ShellExecuteHooks-{01BD9E17-3A38-4BC7-B779-517102C5A41F} - 01BD9E17.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.eg/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
O8 -: Download All Links with IDM - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{79E9C819-D588-4ACD-8B05-CA52741F53C6}: NameServer = 163.121.128.134,163.121.128.135
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 01:18:48
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\setup\aawservice.exe
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\AVG\AVG8\fixcfg.exe
.
**************************************************************************
.
Completion time: 2008-10-29 1:20:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-28 23:19:38
ComboFix3.txt 2008-10-28 19:09:26
ComboFix2.txt 2008-10-28 22:37:42

Pre-Run: 4,720,984,064 bytes free
Post-Run: 4,706,951,168 bytes free

386

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:27 AM, on 29/10/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\setup\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 127.1 localhost
O1 - Hosts: 127.1 fffff8888fsgfbghj88.cn
O1 - Hosts: 127.1 61.134.37.12
O1 - Hosts: 127.1 ko.ssa387.cn
O1 - Hosts: 127.1 www.ndxrr.cn
O1 - Hosts: 127.1 12345.ssa387.cn
O1 - Hosts: 127.1 lihai88.com
O1 - Hosts: 127.1 wwwwhf.cn
O1 - Hosts: 127.1 a89369093.sq.u9idc.com
O1 - Hosts: 127.1 www.mmd178.cn
O1 - Hosts: 127.1 www.178mmd.cn
O1 - Hosts: 127.1 www.wenzhuoyyy.cn
O1 - Hosts: 127.1 tw.lovechina.tw.cn
O1 - Hosts: 127.1 222.189.238.151
O1 - Hosts: 127.1 222.179.185.78
O1 - Hosts: 127.1 www.wq9q.cn
O1 - Hosts: 127.1 593ffcey.cn
O1 - Hosts: 127.1 set.yay520.cn
O1 - Hosts: 127.1 tenmoc999.cn
O1 - Hosts: 127.1 lihai88.com
O1 - Hosts: 127.1 121.kcuf-01.com
O1 - Hosts: 127.1 www.ew1q.cn
O1 - Hosts: 127.1 www.b3sk.cn
O1 - Hosts: 127.1 up.bizmd.cn
O1 - Hosts: 127.1 www.ms2a.cn
O1 - Hosts: 127.1 www.wo9188.cn
O1 - Hosts: 127.1 www.fgetchr.cn
O1 - Hosts: 127.1 www.e6zx.cn
O1 - Hosts: 127.1 hai067.com
O1 - Hosts: 127.1 hai088.com
O1 - Hosts: 127.1 778899.jd8j.cn
O1 - Hosts: 127.1 sql.78-11.net
O1 - Hosts: 127.1 www.bbbirdy.com
O1 - Hosts: 127.1 www.s1na1.com.cn
O1 - Hosts: 127.1 www.dianyinjzd.cn
O1 - Hosts: 127.1 www.dj5201314dj.com
O1 - Hosts: 127.1 max-2.cn
O1 - Hosts: 127.1 a.asp-o.cn
O1 - Hosts: 127.1 b.asp-o.cn
O1 - Hosts: 127.1 c.asp-o.cn
O1 - Hosts: 127.1 x.kprobb.cn
O1 - Hosts: 127.1 js.php-k.cn
O1 - Hosts: 127.1 max-1.cn
O1 - Hosts: 127.1 max-3.cn
O1 - Hosts: 127.1 max-4.cn
O1 - Hosts: 127.1 max-5.cn
O1 - Hosts: 127.1 max-6.cn
O1 - Hosts: 127.1 max-7.cn
O1 - Hosts: 127.1 max-8.cn
O1 - Hosts: 127.1 max-9.cn
O1 - Hosts: 127.1 max-10.cn
O1 - Hosts: 127.1 max-11.cn
O1 - Hosts: 127.1 max-12.cn
O1 - Hosts: 127.1 twocannon250.com.cn
O1 - Hosts: 127.1 www.133mm.cn
O1 - Hosts: 127.1 www.51vmm.cn
O1 - Hosts: 127.1 www.7mmoo.cn
O1 - Hosts: 127.1 www.99mmm.org.cn
O1 - Hosts: 127.1 www.hdec.cn
O1 - Hosts: 127.1 www.picc18.com
O1 - Hosts: 127.1 www.kissdh.com
O1 - Hosts: 127.1 www.x7v.cn
O1 - Hosts: 127.1 biqulu.cn
O1 - Hosts: 127.1 2008.qq2006.com.cn
O1 - Hosts: 127.1 giaitrisex.com
O1 - Hosts: 127.1 www.giaitrisex.com
O1 - Hosts: 127.1 www.giaitrituoitre.net
O1 - Hosts: 127.1 mekiep.com
O1 - Hosts: 127.1 www.1sex1day.com
O1 - Hosts: 127.1 a.9ymm.com
O1 - Hosts: 127.1 bobo.7wyt.com
O1 - Hosts: 127.1 www.591caobi.cn
O1 - Hosts: 127.1 www.hrz008.cn
O1 - Hosts: 127.1 asp-15.cn
O1 - Hosts: 127.1 asp-12.cn
O1 - Hosts: 127.1 www.jb88.net
O1 - Hosts: 127.1 6.a88a.com
O1 - Hosts: 127.1 w.b2c3.cn
O1 - Hosts: 127.1 m.c5x8.com
O1 - Hosts: 127.1 www.518sfw.cn
O1 - Hosts: 127.1 www.jjyyzmj.cn
O1 - Hosts: 127.1 u.cnmrx.net
O1 - Hosts: 127.1 duowan.czm.cn
O1 - Hosts: 127.1 xccxcxcxcxcx.cn
O1 - Hosts: 127.1 google-yahoo.org.cn
O1 - Hosts: 127.1 tudou-net.org.cn
O1 - Hosts: 127.1 downloads.zango.com
O1 - Hosts: 127.1 ftp.surfnet.nl
O1 - Hosts: 127.1 bis.180solutions.com
O1 - Hosts: 127.1 installs.hotbar.com
O1 - Hosts: 127.1 www.hbdownloads.com
O1 - Hosts: 127.1 static.zangocash.com
O1 - Hosts: 127.1 www.qq-songli.cn
O1 - Hosts: 127.1 aa.9234.net
O1 - Hosts: 127.1 www.97love.info
O1 - Hosts: 127.1 97love.info
O1 - Hosts: 127.1 www.zyzhuiku.cn
O1 - Hosts: 127.1 zyzhuiku.cn
O1 - Hosts: 127.1 www.lang18.com
O1 - Hosts: 127.1 lang18.com
O1 - Hosts: 127.1 sao6666.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E9C819-D588-4ACD-8B05-CA52741F53C6}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: HBmhly.dll,HBZHUXIAN.dll,HBZG.dll
O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\setup\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9475 bytes
omardomard
Active Member
 
Posts: 12
Joined: October 14th, 2008, 6:17 pm

Re: please help me to get rid of viruses

Unread postby chryssi2001 » October 29th, 2008, 4:02 pm

Hello omardomard,

Now i am using windows in safe mode with network.

This is always a very bad idea, as you are not protected, when using the Internet in safe mode with network support.

This pc is severely infected and it looks like it is a business computer.
Below are our rules concerning business or corporate computers.

http://www.malwareremoval.com/rules.php

In General, we do not help in cleaning business or corporate computers. There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware. There may also be legal issues regarding any loss of business data that we do not wish to deal with.
If you ask for help and, unknown to us, it involves a business computer, you need to understand that any damages resulting from our advice are YOUR RESPONSIBILITY.


I am sorry, but i will have to end my help here.

Due to the severity of the infections, i would advice you to take this pc to your company's IT department and tell them, to reformat and re-install windows, as this system can't be trusted anymore.... or be able to function properly.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: please help me to get rid of viruses

Unread postby Gary R » October 29th, 2008, 6:29 pm

It's not the policy of this forum to work on computers associated with any business enterprise.

This topic is now closed.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware