Infected With Xpantivirus2008


  • This topic is locked
4 replies to this topic

#1 matthewolavydez

  • Members
  • 43 posts

Posted 08 July 2008 - 12:08 PM

I start Windows by clicking F8, then I choose Start Windows Normally. Then, after choosing the user, I saw a new desktop icon; I don't know how it downloaded from my computer! After that I saw so many virus exaggerations. Please help me protect my computer against these threats and viruses.

Deckard's System Scanner v20071014.68
Run by Olavydez on 2008-07-09 00:13:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-09 07:13:32 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-09 06:59:53 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-09 00:43:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\vmsnap3.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\lphcvecj0erdt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\rhcrecj0erdt\rhcrecj0erdt.exe
C:\WINDOWS\system32\pphcvecj0erdt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Olavydez\Desktop\dss.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ph/firefox?client=fi...:en-US:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
F0 - system.ini: Shell=Explorer.exe scvhosts.exe
F2 - REG:system.ini: Shell=Explorer.exe scvhosts.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: QXK Olive - {AF4EBF01-2871-49E4-BF25-8F0564359C31} - C:\WINDOWS\wbxdpgfevkl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {D3CC473E-1CB4-443E-91AB-3FA3AE660460} - C:\WINDOWS\system32\vtUlLfde.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [f8dd5841] rundll32.exe "C:\WINDOWS\system32\yemxfgjd.dll",b
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [lphcvecj0erdt] C:\WINDOWS\system32\lphcvecj0erdt.exe
O4 - HKLM\..\Run: [SMrhcrecj0erdt] C:\Program Files\rhcrecj0erdt\rhcrecj0erdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [INetBooster] C:\Program Files\SoftwareClub.ws\SC Net Speed Booster\ISpBos.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} () - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} () - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\system32\LogonDll.dll
O21 - SSODL: fdxbameg - {A4102CA1-F50F-47DC-957B-D84856194EBD} - C:\WINDOWS\fdxbameg.dll
O21 - SSODL: fsrpknov - {60063499-E95B-41B4-BEF3-002D94D9D9E2} - C:\WINDOWS\fsrpknov.dll
O23 - Service: DFServEx - Unknown owner - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\hphipm09.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13912 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 DepFrzHi - c:\windows\system32\drivers\depfrzhi.sys <Not Verified; HyperTechnologies Inc.; Deep Freeze>
R0 DepFrzLo - c:\windows\system32\drivers\depfrzlo.sys <Not Verified; Hyper Technologies Inc.; Deep Freeze>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S3 scrcap - c:\windows\system32\drivers\scrcap.sys (file missing)
S3 XDva093 - c:\windows\system32\xdva093.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 DFServEx - c:\program files\hypertechnologies\deep freeze\dfservex.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-08 23:58:10 262 --a------ C:\WINDOWS\Tasks\SpeedOptimizer Startup.job
2008-06-22 16:58:00 276 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-21 20:41:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-12 16:58:14 398 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 00:26:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 00:00:57 94208 --a------ C:\WINDOWS\system32\pphcvecj0erdt.exe
2008-07-09 00:00:56 0 d-------- C:\Documents and Settings\Olavydez\Application Data\rhcrecj0erdt
2008-07-09 00:00:08 0 d-------- C:\Program Files\rhcrecj0erdt
2008-07-08 23:59:25 0 d-------- C:\WINDOWS\privacy_danger
2008-07-08 23:58:18 0 d-------- C:\Documents and Settings\Olavydez\Application Data\TmpRecentIcons
2008-07-08 23:56:09 303104 --a------ C:\WINDOWS\wbxdpgfevkl.dll
2008-07-08 23:56:09 155648 --a------ C:\WINDOWS\sqvgnrpx.dll
2008-07-08 23:56:09 86016 --a------ C:\WINDOWS\gpefaowr.exe
2008-07-08 23:56:09 225280 --a------ C:\WINDOWS\fsrpknov.dll
2008-07-08 23:56:09 249856 --a------ C:\WINDOWS\fdxbameg.dll
2008-07-08 23:56:09 176128 --a------ C:\WINDOWS\egxk.exe
2008-07-08 23:55:26 60928 --a------ C:\WINDOWS\system32\blphcvecj0erdt.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-08 23:55:11 109056 --a------ C:\WINDOWS\system32\lphcvecj0erdt.exe
2008-07-08 18:56:32 88576 --a------ C:\WINDOWS\system32\yemxfgjd.dll
2008-07-07 21:21:18 0 d-------- C:\Program Files\YouTube Downloader
2008-07-07 16:32:23 0 d-------- C:\WINDOWS\pss
2008-07-07 15:51:04 0 d-------- C:\Program Files\e-Games
2008-07-07 15:45:36 88576 --a------ C:\WINDOWS\system32\pdiyumkf.dll
2008-07-06 15:45:08 89088 --a------ C:\WINDOWS\system32\blchbiji.dll
2008-07-05 18:08:45 0 d-------- C:\Program Files\AuditionSEA
2008-07-05 14:23:52 89088 --a------ C:\WINDOWS\system32\awoqaxhw.dll
2008-07-04 14:22:58 91520 --a------ C:\WINDOWS\system32\svsdchet.dll
2008-06-29 19:58:31 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Hamachi
2008-06-29 19:55:19 0 d-------- C:\Program Files\O2Jam R3
2008-06-29 16:10:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-29 15:30:30 0 d-------- C:\Program Files\Spyware Doctor
2008-06-29 15:30:30 0 d-------- C:\Documents and Settings\Olavydez\Application Data\PC Tools
2008-06-29 15:25:22 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-06-29 15:25:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-06-29 15:25:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-29 15:25:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-29 15:25:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-06-29 15:25:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-29 15:25:22 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-06-29 15:25:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-06-29 15:25:22 0 d-------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-06-29 15:25:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-29 15:25:22 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-29 15:25:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-06-29 15:25:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-29 15:25:21 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-29 15:22:56 92032 --a------ C:\WINDOWS\system32\npatvens.dll
2008-06-29 15:19:23 0 d--hs---- C:\WINDOWS\CSC
2008-06-27 17:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-27 15:14:00 91520 --a------ C:\WINDOWS\system32\jvydapoh.dll
2008-06-27 09:09:59 178590 --ahs---- C:\WINDOWS\system32\edfLlUtv.ini2
2008-06-26 23:30:51 31 --a------ C:\WINDOWS\system32\srecorder.dll
2008-06-26 17:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-26 16:59:09 0 d-------- C:\Program Files\Alaplaya
2008-06-24 13:30:58 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-22 05:54:35 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Malwarebytes
2008-06-22 05:54:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 22:06:49 0 d-------- C:\Screen Recordings
2008-06-17 15:22:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2008-06-17 15:13:30 0 d-------- C:\Program Files\Outspark
2008-06-17 15:01:29 0 d-------- C:\MyBackup
2008-06-17 15:00:08 0 d-------- C:\Program Files\Premium Booster
2008-06-17 00:33:10 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Thinstall
2008-06-16 22:36:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-16 15:07:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 13:55:25 0 d-------- C:\Documents and Settings\Olavydez\keel
2008-06-14 22:17:04 0 d-------- C:\Documents and Settings\Olavydez\oni
2008-06-14 19:50:00 0 d-------- C:\Program Files\AMPED
2008-06-14 17:59:06 0 d-------- C:\Documents and Settings\Olavydez\Application Data\GetRight
2008-06-14 17:39:56 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-06-14 16:16:38 0 d-------- C:\Program Files\SpywareGuard
2008-06-14 15:49:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-14 15:40:50 0 d-------- C:\Program Files\inKline Global
2008-06-13 19:26:35 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-12 17:15:04 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Talkback
2008-06-11 16:53:49 0 d-------- C:\Program Files\uTorrent
2008-06-11 16:53:47 0 d-------- C:\Documents and Settings\Olavydez\Application Data\uTorrent
2008-06-11 12:38:57 0 d-------- C:\Documents and Settings\Olavydez\Application Data\DMCache
2008-06-10 20:50:03 0 d-------- C:\Program Files\StepMania
2008-06-10 02:18:19 54 --a------ C:\smp.bat


-- Find3M Report ---------------------------------------------------------------

2008-07-05 22:45:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 18:16:58 228 --a------ C:\WINDOWS\popcinfo.dat
2008-06-27 17:56:54 0 d-------- C:\Program Files\LimeWire
2008-06-26 16:59:07 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-24 16:05:07 0 d-------- C:\Program Files\Top 10 Solitaire
2008-06-22 04:57:49 0 d-------- C:\Program Files\Nokia
2008-06-22 04:57:49 0 d-------- C:\Program Files\Common Files
2008-06-20 16:19:24 0 d-------- C:\Documents and Settings\Olavydez\Application Data\LimeWire
2008-06-20 10:54:19 0 d-------- C:\Program Files\Angels Online
2008-06-17 13:48:32 0 d-------- C:\Documents and Settings\Olavydez\Application Data\SUPERAntiSpyware.com
2008-06-14 17:57:44 0 d-------- C:\Documents and Settings\Olavydez\Application Data\GetRightToGo
2008-06-14 17:42:23 4137 --a------ C:\WINDOWS\mozver.dat
2008-06-14 08:39:33 0 d-------- C:\Documents and Settings\Olavydez\Application Data\U3
2008-06-13 18:50:39 0 d-------- C:\Documents and Settings\Olavydez\Application Data\AVGTOOLBAR
2008-06-12 17:10:54 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Uniblue
2008-06-11 12:37:32 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Wildfire
2008-06-10 01:17:18 0 d-------- C:\Program Files\SkyBlade, Sword of the Heavens
2008-06-10 01:09:05 0 d-------- C:\Program Files\Vonage
2008-06-10 01:08:54 0 d-------- C:\Program Files\Yahoo!
2008-06-08 22:56:25 0 d-------- C:\Program Files\DAP
2008-06-08 05:52:30 0 d-------- C:\Program Files\speed-bit
2008-06-07 06:31:30 4 --a------ C:\WINDOWS\system32\XPerWin.dll
2008-06-07 06:31:18 51 --a------ C:\WINDOWS\system32\xsystem.dll
2008-06-06 08:19:45 0 d-------- C:\Program Files\hp photosmart
2008-06-06 08:15:44 0 d-------- C:\Program Files\Microtek
2008-06-03 06:16:38 0 d-------- C:\Program Files\2D Audition Offline
2008-06-03 06:13:42 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-02 20:23:59 0 d-------- C:\Program Files\Trend Micro
2008-06-01 10:12:41 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Nokia
2008-06-01 10:12:34 0 d-------- C:\Documents and Settings\Olavydez\Application Data\PC Suite
2008-06-01 10:11:29 0 d-------- C:\Program Files\DIFX
2008-06-01 10:11:18 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-29 23:57:51 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Sun
2008-05-29 06:17:25 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Ahead
2008-05-26 01:13:18 0 d-------- C:\Documents and Settings\Olavydez\Application Data\dotnetfx_Downloader
2008-05-26 01:05:00 16 --a------ C:\WINDOWS\popcinfot.dat
2008-05-24 20:42:40 0 d-------- C:\Program Files\Apple Software Update
2008-05-20 02:34:37 0 d-------- C:\Documents and Settings\Olavydez\Application Data\Apple Computer
2008-05-20 02:34:10 0 d-------- C:\Program Files\iTunes
2008-05-20 02:34:04 0 d-------- C:\Program Files\iPod
2008-05-18 20:57:20 0 d-------- C:\Program Files\SurfingEnhancer
2008-05-13 05:31:44 7372189 --a------ C:\Persi0.sys
2008-05-13 04:47:28 0 d-------- C:\Documents and Settings\Olavydez\Application Data\MSNInstaller
2008-05-13 00:08:03 2048 --a-s---- C:\WINDOWS\bootstet.dat
2008-05-11 02:21:46 0 d-------- C:\Program Files\MumboJumbo
2008-05-11 02:01:26 0 d-------- C:\Documents and Settings\Olavydez\Application Data\PlayFirst
2008-05-11 01:45:19 0 d-------- C:\Program Files\BFG
2008-05-10 02:25:47 0 d-------- C:\Program Files\Sun
2008-05-10 02:25:17 0 d-------- C:\Program Files\Java
2008-05-10 01:01:13 0 d-------- C:\Program Files\Common Files\Java
2008-05-07 07:02:44 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-13 11:26:33 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
08/06/2008 05:59: VIRUS ALERT! 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF4EBF01-2871-49E4-BF25-8F0564359C31}]
08/07/2008 02:01: VIRUS ALERT! 303104 --a------ C:\WINDOWS\wbxdpgfevkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3CC473E-1CB4-443E-91AB-3FA3AE660460}]
C:\WINDOWS\system32\vtUlLfde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [08/06/2008 05:59: VIRUS ALERT! 1470488]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [20/08/2007 00:38: VIRUS ALERT! C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [02/08/2007 22:22: VIRUS ALERT! C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 03:43: VIRUS ALERT! C:\WINDOWS\Alcmtr.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 16:57: VIRUS ALERT!]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [25/06/2007 09:47: VIRUS ALERT!]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [25/06/2007 09:47: VIRUS ALERT!]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [30/08/2006 11:58: VIRUS ALERT!]
"Domino"="C:\WINDOWS\Domino.EXE" [28/06/2006 18:54: VIRUS ALERT!]
"nwiz"="nwiz.exe" [21/10/2006 21:22: VIRUS ALERT! C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/04/2008 12:26: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [25/10/2006 18:58: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 09:36: VIRUS ALERT!]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [12/01/2006 23:46: VIRUS ALERT!]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [12/01/2006 23:46: VIRUS ALERT!]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [08/06/2008 01:27: VIRUS ALERT!]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [21/10/2006 21:22: VIRUS ALERT!]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/11/2007 17:24: VIRUS ALERT!]
"f8dd5841"="C:\WINDOWS\system32\yemxfgjd.dll" [08/07/2008 18:56: VIRUS ALERT!]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [09/08/2004 06:03: VIRUS ALERT!]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/08/2004 06:03: VIRUS ALERT!]
"lphcvecj0erdt"="C:\WINDOWS\system32\lphcvecj0erdt.exe" [08/07/2008 23:55: VIRUS ALERT!]
"SMrhcrecj0erdt"="C:\Program Files\rhcrecj0erdt\rhcrecj0erdt.exe" [06/07/2008 22:23: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 15:56: VIRUS ALERT!]
"ChikkaDefault"="C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\\ChikkaLauncher.exe" [28/08/2007 17:11: VIRUS ALERT!]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 09:24: VIRUS ALERT!]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 17:43: VIRUS ALERT!]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33: VIRUS ALERT!]
"INetBooster"="C:\Program Files\SoftwareClub.ws\SC Net Speed Booster\ISpBos.exe" []

C:\Documents and Settings\Olavydez\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [21/12/2005 10:10:44 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [06/06/2008 8:16:05 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13: VIRUS ALERT! 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fdxbameg"= {A4102CA1-F50F-47DC-957B-D84856194EBD} - C:\WINDOWS\fdxbameg.dll [08/07/2008 02:01: VIRUS ALERT! 249856]
"fsrpknov"= {60063499-E95B-41B4-BEF3-002D94D9D9E2} - C:\WINDOWS\fsrpknov.dll [08/07/2008 02:01: VIRUS ALERT! 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe scvhosts.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41: VIRUS ALERT! 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
LogonDll.dll 20/09/2002 05:30: VIRUS ALERT! 49152 C:\WINDOWS\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUlLfde

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\AUTORUN.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8373 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-09 00:48:41 ------------

:thumbsup:


#2 matthewolavydez


Posted 08 July 2008 - 12:12 PM

It always starts Internet Explorer and asks me if I want to download their products; it always shows. I don't know why. I don't open it, but it always pops up from the screen. How do I block it? Please help me! :thumbsup:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
CPU 1: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 1023.17 MiB / 196.22 MiB
Pagefile Memory (total/avail): 2460.39 MiB / 1500.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 48.83 GiB total, 21.69 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 25.7 GiB total, 25.64 GiB free.

\\.\PHYSICALDRIVE0 - ST380215AS - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Installable File System - 25.7 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Documents and Settings\\Olavydez\\Desktop\\CabalTemp\\ESTSetupLoader.exe"="C:\\Documents and Settings\\Olavydez\\Desktop\\CabalTemp\\ESTSetupLoader.exe:*:Disabled:EST! download engine"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AMPED\\GetAmped Philippines\\amped.exe"="C:\\Program Files\\AMPED\\GetAmped Philippines\\amped.exe:*:Enabled:amped"
"C:\\Documents and Settings\\Olavydez\\Local Settings\\Temp\\Rar$EX17.391\\O2EmuServer.exe"="C:\\Documents and Settings\\Olavydez\\Local Settings\\Temp\\Rar$EX17.391\\O2EmuServer.exe:*:Enabled:Server Demonstration"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Olavydez\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CAR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Olavydez
LOGONSERVER=\\CAR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Olavydez\LOCALS~1\Temp
TMP=C:\DOCUME~1\Olavydez\LOCALS~1\Temp
USERDOMAIN=CAR
USERNAME=Olavydez
USERPROFILE=C:\Documents and Settings\Olavydez
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Olavydez (admin)
new account.CAR (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
A4 TECH PC Camera H --> C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe -runfromtemp -l0x0009 -removeonly
ABBYY FineReader OCR Engine for Microtek --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}\setup.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Amazing Adventures The Lost Tomb --> "C:\Program Files\Amazing Adventures The Lost Tomb\un_Amazing Adventures The Lost Tomb_36039.exe"
AntivirXP08 --> "C:\Program Files\rhcrecj0erdt\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Audition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9DB52C99-EC51-4173-93C5-298769170CB0}\setup.exe" -l0x9 -removeonly
AuditionSEA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC48376E-5D6C-40AE-A226-1D3AC8BDA60F}\setup.exe" -l0x9 -removeonly
Call of Duty --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Chikka Messenger V4 --> C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG
Crimsonland --> "C:\Program Files\Crimsonland\unins000.exe"
D-Link DFM-562IS HSFi PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_20D514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Fantastic Flame Screensaver --> C:\Program Files\Fantastic Flame Screensaver\uninstall.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Mega Codec Pack 1.52 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
LimeWire PRO 4.10.0 --> "C:\Program Files\LimeWire\uninstall.exe"
MadCaps --> "C:\Program Files\MadCaps\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nero 7 Essentials --> MsiExec.exe /X{8E72B982-D54F-486F-B35A-C24B6F171033}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O2jam --> "C:\Program Files\e-Games\O2jam\uninstall.exe"
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Outspark Launcher --> C:\Program Files\Outspark\Launcher\uninstall.exe
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
Platypus --> "C:\Program Files\Platypus\unins000.exe"
PopCap Deluxe Games --> "C:\Program Files\PopCap Games\unins000.exe"
QuickFix --> MsiExec.exe /I{69EF2652-2DEC-40B6-A822-BF4DCB027099}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Ricochet Lost Worlds: Recharged --> "C:\Program Files\Ricochet Lost Worlds Recharged\unins000.exe"
ScanWizard 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B08D262E-D902-11D5-9C28-0080C85A0C2D}\setup.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
speed-bit Toolbar --> C:\PROGRA~1\SPEED-~1\UNWISE.EXE C:\PROGRA~1\SPEED-~1\INSTALL.LOG
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SurfingEnhancer --> C:\Program Files\SurfingEnhancer\uninstall.exe
TeamUp --> "C:\Program Files\TeamUp\unins000.exe"
Think Tanks --> "C:\Program Files\Think Tanks\unins000.exe"
Top 10 Solitaire --> "C:\Program Files\Top 10 Solitaire\unins000.exe"
Turtle Bay --> "C:\Program Files\Turtle Bay\unins000.exe"
VP-EYE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC17B2BE-BA6F-4696-8E5D-ED2A62981CDA}\setup.exe" -l0x9
WebVideo Support --> C:\WINDOWS\gpefaowr.exe
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Word Harmony --> "C:\Program Files\Word Harmony\unins000.exe"
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type2309 / Error
Event Submitted/Written: 07/09/2008 00:24:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module comctl32.dll, version 5.82.2900.2982, fault address 0x00014814.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2308 / Error
Event Submitted/Written: 07/09/2008 00:20:36 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module comctl32.dll, version 5.82.2900.2982, fault address 0x00014814.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2305 / Error
Event Submitted/Written: 07/09/2008 00:01:36 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module comctl32.dll, version 5.82.2900.2982, fault address 0x00014814.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2301 / Error
Event Submitted/Written: 07/08/2008 11:44:24 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type2300 / Error
Event Submitted/Written: 07/08/2008 07:42:07 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2045 / Error
Event Submitted/Written: 07/09/2008 00:20:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2044 / Warning
Event Submitted/Written: 07/09/2008 00:13:23 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2016 / Error
Event Submitted/Written: 07/08/2008 11:58:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DFServEx service failed to start due to the following error:
%%2

Event Record #/Type2012 / Error
Event Submitted/Written: 07/08/2008 11:56:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2011 / Warning
Event Submitted/Written: 07/08/2008 11:55:48 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-09 00:48:41 ------------

Edited by Orange Blossom, 08 July 2008 - 05:22 PM.
Merged topics. ~ OB


#3 Simon V.


Posted 11 July 2008 - 10:11 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

You're severely infected. Please follow the steps below; if something isn't working or it isn't clear to you, please stop and ask.

Step 1

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit CCleaner.

Step 2

Print these instructions or copy them to Notepad and save them to your desktop, as you won't be able to access the internet in Safe Mode.

Please download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows directory, typically C:\SDFix)

Please reboot into Safe Mode. To do this, go to Start > Turn off Computer, and select Restart. Rapidly tap F8 just before Windows starts to load. In the menu that appears, select Safe Mode (Without Networking)

Log in to your usual account.

Once in Safe Mode, do the following:

Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any trojan services and registry entries that it finds, then prompt you to press any key to reboot; press any key and it will restart the PC.
  • When the PC restarts SDFix will run again and complete the removal process then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to clipboard ready for posting back on the forum).

Step 3

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -
  • Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please save it to a convenient location.

Step 4

You aren't running anti-virus software. Please make sure you download and install one anti-virus program.

Use an Anti-Virus Program - It is very important that your computer has an anti-virus program running on your machine. This alone can save you a lot of trouble with malware in the future.

Here are a few (free) anti-virus programs, please download and install one of them:

Update your Anti-Virus Software - It is very important that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that will come out.

Step 5

Download HJTInstall.exe to your desktop.
  • Double-click HJTInstall.exe to install HijackThis.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Save it to a convenient location.

Don't use the AnalyseThis button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Step 6

In your next reply, please post:
  • the SDFix log (C:\SDFix\Report.txt)
  • the Combofix log (C:\Combofix.txt)
  • the CCleaner Uninstall List (install.txt)
  • the HijackThis log

Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#4 Simon V.


Posted 15 July 2008 - 12:03 PM

Do you still need help?
Simon V.


#5 Simon V.


Posted 18 July 2008 - 02:26 PM

Due to inactivity this topic will be closed.

If you need help please start a new thread and post a new HijackThis log.
Simon V.




