Problem to remove Virtumonde virus

Yes, I did download this programme as a Windows screensaver. In terms of P2P, I remember I closed it when I ran Combofix.

So, do you mean I should redo?
 
There's no need to re-do.

Run ATF Cleaner

Download ATF Cleaner and save it to your desktop.

Double click on ATF-Cleaner.exe to run it.

  • Click on Main at the top.
  • Tick all the boxes except the Prefetch and Cookies box.
  • Click on Empty Selected button.

If you use Firefox

  • Click on Firefox at the top.
  • Tick all the boxes except Firefox Cookies and Firefox Saved Passwords.
  • Click on Empty Selected button.

If you use Opera

  • Click on Opera at the top.
  • Tick all the boxes except Opera Cookies and Opera Saved Passwords.
  • Click on Empty Selected button.

Close ATF Cleaner when you are done.

Run Malwarebytes' Anti-Malware

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

In your next reply, please post:

  1. Malwarebytes' Anti-Malware scan report
  2. A new HijackThis log
 
I had a problem when I ran Malware software.

When the scan had been running for 1 min plus, a window suddenly popped up. It said Run-Time Error "6". Overflow. I tried twice, but the problem keeps happening.
 
I will pass your message along to the developer.

In the meantime, please do the following:

Please go to the Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  3. When the downloads have finished, click on Next button.
  4. Click on Scan Settings button.
  5. Select extended under Scan using the following antivirus database:
  6. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  7. Click OK
  8. Click on My Computer under Please select a target to scan:
  9. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  10. Copy and paste this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 10, 2008 00:45:36
Records in database: 845469
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Files scanned: 78069
Threat name: 15
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 01:57:09


File name / Threat name / Threats count
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000002.pst Infected: Email-Worm.Win32.Bagle.gt 1
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (to 836\Deleted items\2DDA5BAC-0000101E.eml Infected: Trojan-PSW.Win32.Magania.smb 1
C:\Program Files\Eset\infected\23RGQNCA.NQF Infected: Trojan.Win32.Agent.hfr 1
C:\Program Files\Eset\infected\CKDPTXBA.NQF Infected: Trojan.Win32.Agent.cnm 1
C:\Program Files\Eset\infected\ESVQV5AA.NQF Infected: Trojan-Downloader.Win32.Agent.qzz 1
C:\Program Files\Eset\infected\MJKO1RBA.NQF Infected: Trojan.Win32.Inject.ud 1
C:\Program Files\Eset\infected\QKKCMDAA.NQF Infected: Worm.Win32.Skipi.c 1
C:\Program Files\Eset\infected\TJ4YF0DA.NQF Infected: not-a-virus:Downloader.Win32.WinFixer.au 1
C:\Program Files\Eset\infected\XGG0DGAA.NQF Infected: Trojan-Dropper.Win32.Agent.bdj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dxitpbqh.dll.vir Infected: Trojan.Win32.Monder.le 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fsungpdg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lbjjqrbt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJDsRki.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qvwnvmfa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf 1
C:\QooBox\Quarantine\catchme2008-06-01_163742.91.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.trt 2
C:\QooBox\Quarantine\catchme2008-06-01_163742.91.zip Infected: Backdoor.Win32.Agent.gkf 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 10:29:49, on 2008/6/10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\TOSHIBA\Local Settings\Temp\jkos-TOSHIBA\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ezHelper] C:\Program Files\ezHelper\ezHelper.exe 300
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.webmail.hinet.net
O15 - Trusted Zone: webmail.hinet.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1159CFA4-6BEA-4ED4-8166-5556B1BFB232} (pocx Control) - http://202.133.245.200/iCF20071025.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://ebank.tcb-bank.com.tw/netbank/html/ib/pages/FSCAPIATL.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185374795424
O16 - DPF: {C01170CC-AF05-46C3-88BC-2C120DCEE288} (KooPlayer Control) - http://www.im.tv/IMTVPlayer.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://extranet.cranfield.ac.uk/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40233121-6B0E-4121-8A54-6B29E63F652F}: NameServer = 138.250.1.75,138.250.1.67
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 13992 bytes
 
The new Kaspersky scan doesn't look very informative. It showed that there are infected mails in your mail box, but it doesn't tell us what mails are infected. We aren't going to delete the whole mail box just for one infected mail. :rolleyes:

Let's see if another scanner works.

Please go to the Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
 
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3173 (20080610)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=0925a11e1bf37f49a096187e8e84b65d
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-06-10 07:59:36
# local_time=2008-06-10 08:59:36 )
# country="Taiwan"
# osver=5.1.2600 NT Service Pack 2
# scanned=246126
# found=5
# scan_time=4394
# nod_component=NOD32MOD_WINNT_CHINESE_BASE Build:0x1108031e (NOD32 for Windows NT/2000/XP/2003/x64 - Base)
# nod_component=NOD32MOD_WINNT_CHINESE_INET Build:0x1108031e (NOD32 for Windows NT/2000/XP/2003/x64 - Internet support)
# nod_component=NOD32MOD_WINNT_CHINESE_STANDARD Build:0x1108031e (NOD32 for Windows NT/2000/XP/2003/x64 - Standard component)
C:\QooBox\Quarantine\catchme2008-06-01_163742.91.zip multiple infiltrations 4D0201511FF470C311996349D9BDC558
C:\QooBox\Quarantine\catchme2008-06-01_163742.91.zip ?ZIP ?Documents and Settings/TOSHIBA/catchme.zip multiple infiltrations 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-06-01_163742.91.zip ?ZIP ?Documents and Settings/TOSHIBA/catchme.zip ?ZIP ?iifgEvSL.dll Win32/Adware.Virtumonde application 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-06-01_163742.91.zip ?ZIP ?Documents and Settings/TOSHIBA/catchme.zip ?ZIP ?ljJDSKAP.dll Win32/Adware.Virtumonde application 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-06-01_163742.91.zip ?ZIP ?Documents and Settings/TOSHIBA/catchme.zip ?ZIP ?MsnShell32.dll Win32/AutoRun.OQ worm 00000000000000000000000000000000
 
Doesn't look very informative. :sad:

I see that you have NOD32 Antivirus. Does it have an email scanner? Please try scanning your whole system with NOD32 Antivirus.
 
NOD32版本 3172 (20080610) NT
正在檢查NOD32.EXE檔案的CRC:狀態正常
掃描操作記憶體時發生錯誤。 不能掃描操作記憶體(核心服務並未運作或載入nod32m1.vxd時發生錯誤)。
日期: 11.6.2008 時間:18:40:57
已掃描的磁碟,目錄及檔案:C:
C:\pagefile.sys - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\NTUSER.DAT - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\ntuser.dat.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\55\55-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v55-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v55-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\56\56-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v56-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v56-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\57\57-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v57-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v57-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\58\58-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v58-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v58-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\60\60-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v60-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v60-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\63\63-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v63-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v63-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\66\66-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v66-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v66-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\69\69-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v69-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v69-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\72\72-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v72-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v72-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\75\75-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v75-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v75-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\ella0802@hotmail.com\DFSR\Staging\CS{AA8F5D76-C455-E00A-3CCB-A3EE13E65825}\78\78-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v78-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v78-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\00\2761-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1600-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2761-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\01\10-{CEA7A175-653F-0B2F-6FF5-30079103B814}-v1-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v10-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\03\2759-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1603-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2759-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\05\1565-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1505-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1565-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\05\2756-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1605-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2756-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\06\1566-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1506-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1566-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\07\1567-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1507-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1567-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\08\1568-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1508-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1568-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\08\2764-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1608-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2764-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\10\2765-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1610-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2765-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\12\2766-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1612-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2766-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\14\2767-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1614-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2767-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\20\20-{306B156E-57F1-47E0-A578-49876903AC72}-v20-{306B156E-57F1-47E0-A578-49876903AC72}-v20-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\21\21-{306B156E-57F1-47E0-A578-49876903AC72}-v21-{306B156E-57F1-47E0-A578-49876903AC72}-v21-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\21\2768-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1521-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2768-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\22\22-{306B156E-57F1-47E0-A578-49876903AC72}-v22-{306B156E-57F1-47E0-A578-49876903AC72}-v22-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\23\23-{306B156E-57F1-47E0-A578-49876903AC72}-v23-{306B156E-57F1-47E0-A578-49876903AC72}-v23-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\47\247-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v247-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v247-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\48\248-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v248-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v248-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\49\249-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v249-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v249-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\49\2769-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2649-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2769-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\50\250-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v250-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v250-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\50\2770-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2650-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2770-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\56\4293-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v4256-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v4293-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\58\4282-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v4258-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v4282-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\60\4261-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v4260-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v4261-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\64\64-{306B156E-57F1-47E0-A578-49876903AC72}-v64-{306B156E-57F1-47E0-A578-49876903AC72}-v64-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\65\65-{306B156E-57F1-47E0-A578-49876903AC72}-v65-{306B156E-57F1-47E0-A578-49876903AC72}-v65-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\78\2755-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1578-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2755-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\81\2758-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1581-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2758-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\84\2753-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1584-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2753-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\86\2763-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1586-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2763-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\88\2754-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1588-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2754-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\91\2757-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1591-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2757-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\94\2762-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1594-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2762-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\may826@hotmail.com\DFSR\Staging\CS{CEA7A175-653F-0B2F-6FF5-30079103B814}\97\2760-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v1597-{B32ECFDA-CF04-4016-8561-DD17787B95BC}-v2760-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Messenger\tony6725@hotmail.com\SharingMetadata\thinkytseng@hotmail.com\DFSR\Staging\CS{A66AA3A7-10FC-7466-5273-0EE6F9F3E3E3}\29\329-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v329-{8D199142-0E6B-4DFE-90A6-B5C02A76AAD5}-v329-Downloaded.frx - 開啟時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\System Volume Information\MountPointManagerRemoteDatabase - 開啟 (存取拒絕)時發生錯誤。 [4]
C:\System Volume Information\_restore{FE01E12C-C4D0-4F4E-80E6-4A25B7882A1A}\RP240\A0042194.dll - Win32/Adware.Virtumonde.FP 應用程式
C:\System Volume Information\_restore{FE01E12C-C4D0-4F4E-80E6-4A25B7882A1A}\RP246\A0042933.dll - Win32/Adware.Virtumonde.FP 應用程式
C:\System Volume Information\_restore{FE01E12C-C4D0-4F4E-80E6-4A25B7882A1A}\RP246\A0042934.dll - Win32/Adware.AdMedia 應用程式
C:\System Volume Information\_restore{FE01E12C-C4D0-4F4E-80E6-4A25B7882A1A}\RP246\A0042935.dll - Win32/Adware.Virtumonde 應用程式
C:\WINDOWS\system32\config\default - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\default.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\SAM - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\SAM.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\SECURITY - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\SECURITY.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\software - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\software.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\system - 開啟 (檔案被鎖定)時發生錯誤。 [4]
C:\WINDOWS\system32\config\system.LOG - 開啟 (檔案被鎖定)時發生錯誤。 [4]
已掃描的檔案數目:94296
已發現的病毒數目:4
完結時間: 19:31:22 總掃描時間:3025 秒 (00:50:25)
注意:
[4] 檔案無法被開啟,可能正被另一程式或操作系統使用中。


Does it help you?! BTW, some of my infected emails have been isolated into one category in Outlook. Do you mean this?
 
Yup, it looks good. :)

Please follow these steps to remove older versions of Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6.0.

Scroll down to where it says "Java Runtime Environment (JRE) 6u6 allows end-users to run Java applications".

Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".

The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.

Click the Remove or Change/Remove button.

Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

Post back a new HijackThis log afterwards.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 12:49:05, on 2008/6/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ezHelper] C:\Program Files\ezHelper\ezHelper.exe 300
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.webmail.hinet.net
O15 - Trusted Zone: webmail.hinet.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1159CFA4-6BEA-4ED4-8166-5556B1BFB232} (pocx Control) - http://202.133.245.200/iCF20071025.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://ebank.tcb-bank.com.tw/netbank/html/ib/pages/FSCAPIATL.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185374795424
O16 - DPF: {C01170CC-AF05-46C3-88BC-2C120DCEE288} (KooPlayer Control) - http://www.im.tv/IMTVPlayer.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://extranet.cranfield.ac.uk/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40233121-6B0E-4121-8A54-6B29E63F652F}: NameServer = 138.250.1.75,138.250.1.67
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 13935 bytes
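For readers who want to triage a log like the one above programmatically, here is an added example (not part of the original thread and not HijackThis's own code) that parses HijackThis entry lines and lists the O16, O17 and O20 entries an analyst usually reads first. The sample lines are constructed in the log's format, and the review rules are illustrative assumptions: a hit is a prompt to look, not a verdict.

```python
import re
from collections import Counter
from urllib.parse import urlparse

LINE_RE = re.compile(r"^(O\d+|[RFN]\d) - (.*)$")   # section code, then entry body
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*)\))? - (\S+)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(log_text):
    """Return (section, body) for each entry line; headers and footers are skipped."""
    found = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def review_items(entries):
    """Return (section, reason, detail) for entries worth reading first (assumed rules)."""
    hits = []
    for section, body in entries:
        if section == "O16":    # ActiveX controls in Downloaded Program Files
            m = DPF_RE.match(body)
            if not m:
                hits.append((section, "unparsed DPF entry", body))
                continue
            clsid, name, url = m.groups()
            host = urlparse(url).hostname or ""
            if IPV4_RE.match(host):
                hits.append((section, "control fetched from a bare IP address", clsid))
            elif name is None:
                hits.append((section, "control has no registered name", clsid))
        elif section == "O17":  # Tcpip settings such as NameServer
            hits.append((section, "static DNS servers set", body))
        elif section == "O20":  # AppInit_DLLs load into processes that load user32.dll
            hits.append((section, "AppInit_DLLs entry present", body))
    return hits

# Constructed sample in the log's format (not lines from the original post).
SAMPLE = r"""O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Control) - http://192.0.2.10/ctl.cab
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - http://downloads.example.com/player.cab
O16 - DPF: {99999999-8888-7777-6666-555555555555} (Vendor Scanner) - https://www.example.com/scan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O20 - AppInit_DLLs: C:\PROGRA~1\Example\hook.dll
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print(Counter(section for section, _ in entries))
    for hit in review_items(entries):
        print(hit)
```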
 
Thanks so much for your help during the past few weeks. So should I just keep NOD32 as my main anti-virus software, and delete the others which I downloaded in the past few weeks?
 
Yes, you should keep NOD32 as your antivirus. It's a good one. :)

Now that you are clean, we will need to remove the tools we used.

Remove Combofix

Click on Start > Run. Copy and paste in ComboFix /u and click OK. An image is below for reference.

remcf.PNG


Create a new, clean System Restore point

  1. Click on Start > All Programs > Accessories > System Tools > System Restore.
  2. On the Welcome Page, select Create a restore point. Click Next.
  3. Give this restore point a descriptive name and click Create.
  4. When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  1. Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
  2. Select C drive and click OK.
  3. Select the More Options tab.
  4. Under System Restore, click on Clean up....
  5. You will be prompted. Click Yes.
  6. When done, click OK.
  7. You will be prompted again. Press Yes to confirm.
  8. When done, Disk Cleanup will close automatically.

Here are some tips to prevent another infection again. There's no need to install all programs recommended.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Stop malicious scripts

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Spyware Blaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.

  3. SpywareGuard
    Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spyware.

    You can download SpywareGuard from Javacool.

    If you need help in using SpywareGuard, you can read SpywareGuard's tutorial at Bleeping Computer.

  4. Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is a new and powerful anti-malware program. It scans and removes malware for free, but if you want real-time protection, you can pay a small one-time fee.

    Remember to update and scan with it regularly. A tutorial for using Malwarebytes' Anti-Malware can be found on BFC Computer Help.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  5. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

Here are some more things to read about:

List of clean and infected download managers
Configuring Skype
Greater email safety
Phishing - what is it?
Configuring Outlook Express
The Unofficial Cookie FAQ
Securing your home wireless network
80 Super Security Tips
The different classes of security softwares
 