Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Trojan.Vundo.DVS, continuous popups .... Help ?


Re: Trojan.Vundo.DVS, continuous popups .... Help ?

Post by Shaba » April 28th, 2008, 12:32 pm

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (If available otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only! Keep ALL other programs closed during the scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
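The text report saved in the steps above lists every object the scanner touched, and most of its lines are locked files rather than detections. The following is an added example, not part of the original post: it pulls the statistics and the detections out of such a report and groups them by the file on disk. The sample report is constructed in the layout this scanner writes, fields are assumed to be separated by whitespace as they appear when the report is pasted into a post, and the names `parse_report` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a Kaspersky Online Scanner text report.
# Paths and detection names are made up for illustration.
SAMPLE_REPORT = r"""KASPERSKY ONLINE SCANNER REPORT
Scan Statistics:
Total number of scanned objects: 1200
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\User\ntuser.dat Object is locked skipped
C:\Downloads\setup.exe/data0000.cab/inner.exe Infected: not-a-virus:AdWare.Win32.Example.a skipped
C:\Downloads\setup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Example.a skipped
C:\Downloads\setup.exe Rsrc-Package: infected - 2 skipped
C:\WINDOWS\system32\example.dll Infected: Trojan.Win32.Example.b skipped
C:\pagefile.sys Object is locked skipped
"""

# "Number of viruses found: 10" style counters from the Scan Statistics block.
STAT_RE = re.compile(
    r"^(Total number of scanned objects|Number of [a-z ]+):\s*(\d+)$"
)

# One result line: <object path> <status> <last action>.
# The path may contain spaces, so it is matched lazily up to a known status.
ENTRY_RE = re.compile(
    r"^(?P<obj>[A-Za-z]:\\.*?)\s+"
    r"(?P<status>Infected: \S+|Object is locked|[\w-]+: infected - \d+)\s+"
    r"(?P<action>\S+)$"
)


def parse_report(text):
    """Return (stats, entries) where entries are (object, status, action)."""
    stats, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("obj"), m.group("status"), m.group("action")))
    return stats, entries


def triage(entries):
    """Group detections by the file on disk and count locked objects.

    Windows paths use backslashes, so a "/" in the object name marks a
    member inside an archive or installer; everything before the first
    "/" is the container file that actually sits on disk.
    """
    detections = defaultdict(set)
    locked = 0
    for obj, status, _action in entries:
        if status == "Object is locked":
            locked += 1  # file was in use, not scanned; not a detection
            continue
        on_disk = obj.split("/", 1)[0]
        if status.startswith("Infected: "):
            detections[on_disk].add(status[len("Infected: "):])
        else:
            # Package summary line ("Rsrc-Package: infected - N"):
            # keep the container listed even without a named detection.
            detections.setdefault(on_disk, set())
    return {path: sorted(names) for path, names in detections.items()}, locked


if __name__ == "__main__":
    stats, entries = parse_report(SAMPLE_REPORT)
    found, locked = triage(entries)
    print(stats)
    print(f"{locked} locked objects skipped by the scanner")
    for path, names in found.items():
        print(path, "->", ", ".join(names) or "(package flagged)")
```

Locked objects are reported separately because a skipped file was not scanned at all, which is different from a clean result.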

Re: Trojan.Vundo.DVS, continuous popups .... Help ?

Post by CompRookie » April 28th, 2008, 4:13 pm

sry i took so long, the scan took 2 hrs :S

hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:56 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\OpcEnum.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RoamMgr.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Scanner\FileUtility\SFUSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Scanner\FileUtility\nsCatCom.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\New Folder\Internet Download Manager\IDMan.exe
C:\Program Files\Proxifier\Proxifier.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\New Folder\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\CompRookie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\New Folder\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\New Folder\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Proxifier] "C:\Program Files\Proxifier\Proxifier.exe" aut
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\New Folder\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\New Folder\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\New Folder\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O15 - Trusted Zone: mynet.natoil.com (HKLM)
O15 - Trusted Zone: ba.nov.com (HKLM)
O15 - Trusted Zone: ba2.nov.com (HKLM)
O15 - Trusted Zone: gold.nov.com (HKLM)
O15 - Trusted Zone: help.nov.com (HKLM)
O15 - Trusted Zone: http://helpadmin.nov.com (HKLM)
O15 - Trusted Zone: inside.nov.com (HKLM)
O15 - Trusted Zone: mynet.nov.com (HKLM)
O15 - Trusted Zone: tracker.nov.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} (ISBinstaller Class) - https://ra1.nov.com/sre/ISBinstaller.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5890537590
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://ra1.nov.com/sre/ICSScanner.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos ... ateion.cab
O16 - DPF: {C6C4466F-F933-402D-BCD5-3B15964690A4} (Rohan_cb2_sysinfo Control) - http://www.sealonline.com/07_etc/sealonline_sysinfo.cab
O16 - DPF: {E72CFC93-BAE3-8D60-85D1-129993AAC8B9} (UImageUploader Class) - http://www.perfspot.com/u/UImageUploaderXP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nov.com
O17 - HKLM\Software\..\Telephony: DomainName = nov.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nov.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nov.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\system32\RoamMgr.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Scanner\FileUtility\SFUSVC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 14649 bytes


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 29, 2008 12:05:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/04/2008
Kaspersky Anti-Virus database records: 729076
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 101438
Number of viruses found: 10
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 02:25:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\BitDefender\Desktop\Profiles\asdict.dat Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008042820080429\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\bitdefender_totalsecurity_2008_32b.exe/data0000.cab/is153055.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\bitdefender_totalsecurity_2008_32b.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\bitdefender_totalsecurity_2008_32b.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\k...g.exe Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\U88.rar Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Received Files\Proxifier v2.7 Crack.rar Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\03bd420411be43f4f056b3db852635b6_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\080dd307d176f7bb90d01b9c3e37cd4b_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\08213efac97c6aa7dd4306864fc2044c_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\083a68be69b69cec226fd5acb00dbfd7_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\0bc7ff7f6f0eec9f2a25c623de918929_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\0bfda63d60e1dd6199477f37e93ee95f_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\0c243bde85d24d5b8052e6d4aa8b869f_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\0f23c6107cd1c6c0a402e930a5fe7dbf_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\102577d679fabbf29a5245dc5cd3e0f7_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\10b79188bfc6cbaacb184360ea5baa18_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\1408dae51f4c79f3bde83b2c83f7dbac_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\1692f7889f32c066d2368574e1ce4108_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\18a5602d9cf18524aadb251205f648f8_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\1bfa62842216cbcb5d969ae2716bbcf9_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\1e876b576782cf22e094990c14cd3e0b_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\215d1d6a08f36aa7b1c02d47017cb1be_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\217cdfcdb49f0d902a1446d57a1080da_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\25f2d3e3d341512d82e181c3c724b3af_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\29cfa787b22db26093ad59a2737f72af_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\2cff00d5b0229bbb8edecc63afa7138f_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\2e9ed94b9fbcc39861d9d563be19f2b2_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3356ad4a9d6d41424ff3fef7cf9135a8_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\351d2102fb09e775ad233d132ff73eb6_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3702883ac0bd1e89e4867b88ba0a0652_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\397c8894701af4e96cbbcdfaa3c48037_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\39e8a586c820dddfccd90329298859f9_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3d3bfdbdf4de205d746321962d46367d_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3e47edcbed17612d6b670576d615e704_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3e9be32af34ed2e12f850283fc14d880_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3ecde5760570a5eb6c9feb49799e7387_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\3ef8c4d0882b241ce3e9e925e0a0a3ef_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\4180cc8ca4ca49fbc46391cd270e6dc2_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\41f8a4840cf204ceb4d22b1256da6896_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\44a26c3cb29d8cfe4b18157879da9eb0_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\45180f78837959944b23ae6e8bea9098_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\47683cf21942f7d073a4252b08f40cd9_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\4ad127aaaaebab84c3d320f72efb4efe_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\4ae30357e0eeb7411789f56c07dd3643_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\4d613ac68f74b119336794c5867c97df_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\4eadfbce5beb1eba9338a79f38a53efa_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\505008b5d83d21dac683c5cc4d1aa257_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\52f0a4059beb4c3d1cab57142641a426_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\55c31dd13af1bd523cd1d5b743c11236_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\56dc1c307a00d879ea612298128290bf_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\593b2331962c5af6da6ad05e60cd4cd8_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\5a201bb5ce9836e4a36a531485c3bde8_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6996b3f30885b6b6d8e9b6ce9300b50c_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6c4e8b31da84404b383fed96044e8987_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6ca2edf0f7c02d35600ed0d9155ded1d_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6ee3690a63d5538a08b340c21254a08f_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\74a9b02ef463ae419a4b0bfd86cc8924_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\7580b0a353e0cf87ba0c4b5c7cc94093_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_10756\aspdict.dat Object is locked skipped
C:\Program Files\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped
C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Hotspot Shield\log\oas.log Object is locked skipped
C:\Program Files\Juniper Networks\Common Files\NCService.log Object is locked skipped
C:\Program Files\Radmin Viewer 3.0\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.30 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ahchdmoj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\blqcqxki.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYqnLe.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dgdnwnom.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\janqdish.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qre skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ohhcvder.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qfucnfso.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMcbaby.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqjegahh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\QooBox\Quarantine\catchme2008-04-27_161550.76.zip/ljJDTMee.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-27_161550.76.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP2\A0000013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrh skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP2\A0000014.dll Object is locked skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP2\A0000015.dll Object is locked skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP2\A0000016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qre skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP2\A0000017.dll Object is locked skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP5\A0000417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP5\A0000418.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP5\A0000419.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP5\A0000495.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP6\change.log Object is locked skipped
C:\WINDOWS\bthservsdp.dat Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\admdll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\WINDOWS\system32\TmEncryptTemp.000 Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\TmEncryptTemp.001 Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00006d54\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
CompRookie
Regular Member
 
Posts: 16
Joined: April 26th, 2008, 5:06 am

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby Shaba » April 29th, 2008, 4:51 am

Hi

It looks like your BitDefender isn't a legit copy:

C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\bitdefender_totalsecurity_2008_32b.exe/data0000.cab/is153055.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\bitdefender_totalsecurity_2008_32b.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\bitdefender_totalsecurity_2008_32b.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days\k...g.exe Object is locked skipped

So I suggest that you remove it and install a free alternative instead.

Would you like me to give you some alternatives next?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby CompRookie » April 29th, 2008, 7:16 am

>_<

Please, if you have any good antivirus that would help my computer and help fight against viruses, please tell me :cry:

I currently have Ad-Aware 2007, but I don't think it's enough ...

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby Shaba » April 29th, 2008, 9:40 am

Hi

OK.

First make sure that Windows' own firewall is enabled and delete this:

C:\Documents and Settings\Administrator\My Documents\Downloads\BitDefender Total Security 2008 With License 3650 Days

After that download one antivirus and one firewall from below:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

After that, uninstall BitDefender and install one firewall and one antivirus.

Disable Windows firewall and post back a fresh HijackThis log, please :)

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby CompRookie » April 29th, 2008, 10:53 am

I just downloaded ZoneAlarm and AntiVir ... but I couldn't uninstall BitDefender because the program is not in the Add/Remove Programs list, and there isn't any uninstall.exe in the folder of the program. Any ideas?

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby Shaba » April 29th, 2008, 10:57 am

Hi

This should help.

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby CompRookie » April 29th, 2008, 12:11 pm

Well, all done. I downloaded Avira AntiVir and Online Armor because ZoneAlarm didn't work. This is the HJT log after rebooting and installing ... hope I'm all clear :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:12 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\OpcEnum.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RoamMgr.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Scanner\FileUtility\SFUSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Scanner\FileUtility\nsCatCom.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\New Folder\Internet Download Manager\IDMan.exe
C:\Program Files\Proxifier\Proxifier.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\New Folder\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\CompRookie.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\New Folder\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\New Folder\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Proxifier] "C:\Program Files\Proxifier\Proxifier.exe" aut
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\New Folder\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\New Folder\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\New Folder\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O15 - Trusted Zone: mynet.natoil.com (HKLM)
O15 - Trusted Zone: ba.nov.com (HKLM)
O15 - Trusted Zone: ba2.nov.com (HKLM)
O15 - Trusted Zone: gold.nov.com (HKLM)
O15 - Trusted Zone: help.nov.com (HKLM)
O15 - Trusted Zone: http://helpadmin.nov.com (HKLM)
O15 - Trusted Zone: inside.nov.com (HKLM)
O15 - Trusted Zone: mynet.nov.com (HKLM)
O15 - Trusted Zone: tracker.nov.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} (ISBinstaller Class) - https://ra1.nov.com/sre/ISBinstaller.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5890537590
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://ra1.nov.com/sre/ICSScanner.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos ... ateion.cab
O16 - DPF: {C6C4466F-F933-402D-BCD5-3B15964690A4} (Rohan_cb2_sysinfo Control) - http://www.sealonline.com/07_etc/sealonline_sysinfo.cab
O16 - DPF: {E72CFC93-BAE3-8D60-85D1-129993AAC8B9} (UImageUploader Class) - http://www.perfspot.com/u/UImageUploaderXP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nov.com
O17 - HKLM\Software\..\Telephony: DomainName = nov.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nov.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nov.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\system32\RoamMgr.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Scanner\FileUtility\SFUSVC.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 14693 bytes
CompRookie
Regular Member
 
Posts: 16
Joined: April 26th, 2008, 5:06 am

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby Shaba » April 29th, 2008, 12:35 pm

Hi

Yes looks pretty good :)

Empty this folder:

C:\QooBox\Quarantine

Delete these:

C:\Program Files\Radmin Viewer 3.0
C:\WINDOWS\system32\admdll.dll
C:\WINDOWS\system32\raddrv.dll
C:\WINDOWS\system32\TmEncryptTemp.000
C:\WINDOWS\system32\TmEncryptTemp.001

Empty Recycle Bin.

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.Vundo.DVS, continous popups .... Help ?

Unread postby CompRookie » April 29th, 2008, 3:54 pm

Files deleted .... I'm just wondering, how is my computer still infected?? :cry:

Anyways, here are the logs ... HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:31 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\New Folder\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Proxifier\Proxifier.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\OpcEnum.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RoamMgr.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Scanner\FileUtility\SFUSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Scanner\FileUtility\nsCatCom.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\New Folder\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Trend Micro\HijackThis\CompRookie.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\New Folder\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\New Folder\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Proxifier] "C:\Program Files\Proxifier\Proxifier.exe" aut
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\New Folder\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\New Folder\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\New Folder\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O15 - Trusted Zone: mynet.natoil.com (HKLM)
O15 - Trusted Zone: ba.nov.com (HKLM)
O15 - Trusted Zone: ba2.nov.com (HKLM)
O15 - Trusted Zone: gold.nov.com (HKLM)
O15 - Trusted Zone: help.nov.com (HKLM)
O15 - Trusted Zone: http://helpadmin.nov.com (HKLM)
O15 - Trusted Zone: inside.nov.com (HKLM)
O15 - Trusted Zone: mynet.nov.com (HKLM)
O15 - Trusted Zone: tracker.nov.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} (ISBinstaller Class) - https://ra1.nov.com/sre/ISBinstaller.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5890537590
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://ra1.nov.com/sre/ICSScanner.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos ... ateion.cab
O16 - DPF: {C6C4466F-F933-402D-BCD5-3B15964690A4} (Rohan_cb2_sysinfo Control) - http://www.sealonline.com/07_etc/sealonline_sysinfo.cab
O16 - DPF: {E72CFC93-BAE3-8D60-85D1-129993AAC8B9} (UImageUploader Class) - http://www.perfspot.com/u/UImageUploaderXP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nov.com
O17 - HKLM\Software\..\Telephony: DomainName = nov.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nov.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nov.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\system32\RoamMgr.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Scanner\FileUtility\SFUSVC.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 15062 bytes


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 29, 2008 11:50:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 731399
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 100256
Number of viruses found: 6
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:55:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\9d7cef3c6e982032a1b644da41b373eb_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\9f2e79afcf106ebf0e433f46070a7843_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\a4d0aa4d377bea256338a07de20893d8_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\a7831b06ab51a7051a2a7d910d1b80c6_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\a90b68f0d9bfd182f8a51fc94b86415c_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\a97196db110e57cdf54bb8c7711f6964_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\ac8648cae325c6351109759605605c24_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b0ed99e5dc7d1b87fca7a8e3c16ebe46_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b2570a3190495045fa37e20a0ff6c543_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b4be6151c3ae6549133360cbe5f5a88a_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b4ebec31296c9be49101c16e4ee67345_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b5240bbc1840be88706852529fe1766f_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b715229d85025a3ba180cef5f716f441_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b7ee465379aeaf12b777332e3a3eea48_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b9aff5209ad38bd34e8227695316258e_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\c0795fc4a4a05237b009104e42405a70_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\c666ae4ebc27ca5785539afbe8b07c55_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\c7ba4940441a03e1f5b54815592ecc64_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\ccc04c73638f6e2a51a99dd147b6a5bc_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\cfe3d0e5e7b5437170cdf67b4b7b6df3_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\d0b9ce9611ba5fedb4bf09b9e516650a_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\d33d1d320744cfda6443e435e24aee8d_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\d7ed9ac360a94879688b61dc06322cab_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\da019bd489421313fb4d0d8904083d60_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\da28ef9aa372fd85b2f12df78bd4baba_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\db0b23e6389c91cfebf9e445f255fab6_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\dcd302d5ae6b3d1fbf48aadb54120099_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\dd629863969a50c91b69eb157a794281_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\e14615cfda294f5c410e5ab11297ce11_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\e1a37c5567fdce0e5795b840800ca702_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\e3465d8e95d8da18b47e4bc5ab7bcfb6_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\ed95b9e9e74ebe1326978c42fca3f524_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\edf6fe86e695e1986e7d8bea405eef26_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\ef978e5059a603def1466a79d12e6b70_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\f0ad6c35a0c5c6a23503da6e236a801a_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\f4428f6e557e781903d0ec74926a3fbe_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\f4ca54566dbf2199fa53cd66552ae8c4_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\fac5c785026c774f610daf7ecc04aeb7_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\faf6f236d023411e3f7e82a48855318d_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\fbe6245a27ff9cf81e66c298bc3adeb0_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\fc1e34db36dae81306b8963fad09940b_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\fd8257496eea3557e18ecfc4fc92bccf_1fd9543a-e05a-43b1-8ce1-de51544779d5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Hotspot Shield\log\oas.log Object is locked skipped
C:\Program Files\Juniper Networks\Common Files\NCService.log Object is locked skipped
C:\Program Files\Radmin Viewer 3.0\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.30 skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP2\A0000016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qre skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP5\A0000417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP5\A0000419.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP5\A0000495.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP9\A0002179.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP9\A0002180.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\System Volume Information\_restore{3A39FD1A-6AAD-42C5-85C4-90AA75A0CA6A}\RP9\A0002189.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.30 skipped

Scan process completed.
CompRookie
Regular Member
 
Posts: 16
Joined: April 26th, 2008, 5:06 am

Re: Trojan.Vundo.DVS, continous popups .... Help ?

by Shaba » April 30th, 2008, 6:24 am

Hi

Yes but nothing major there.

Delete this folder:

C:\Program Files\Radmin Viewer 3.0\

Empty Recycle Bin.

All other viruses are in system restore and inactive.

I will give you instructions later on how to empty it.

Other than that, any issues left?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.Vundo.DVS, continous popups .... Help ?

by CompRookie » April 30th, 2008, 7:11 am

Nope, my computer's activity is back to normal ... no more pop-ups or Vundos ... everything is good ...

Are those viruses harmful? The ones that are in System Restore?

Re: Trojan.Vundo.DVS, continous popups .... Help ?

by Shaba » April 30th, 2008, 8:05 am

Hi

Yes, but they aren't harmful at the moment as they are in System Restore.

Any other concerns?

Re: Trojan.Vundo.DVS, continous popups .... Help ?

by CompRookie » April 30th, 2008, 8:37 am

Nope, not really, as I said, everything is just working fine ... the firewall and the antivirus are very helpful. I just have 2 questions...

First, should I turn off Windows Firewall or just keep it on?

And second, I downloaded the BitDefender program from http://www.mininova.com ... I installed it and everything, it didn't seem harmful ... but after the restart the trojans started attacking. My question is, how do I know which torrent is or not? Do you know any torrent sites that you could suggest?

Re: Trojan.Vundo.DVS, continous popups .... Help ?

by Shaba » April 30th, 2008, 8:43 am

Hi

You should turn off Windows Firewall, yes.

As for torrents, I don't recommend using any p2p program and even less if you are using them to download illegal stuff as you did (BitDefender).

There are in many cases freeware alternatives available, too.