Virtumonde virus

Hi

I mean this:

"weird my local disk icon changed from the usual local disk icon to the hand of the icon with a large red X"

Is it still the same after that vbs run?
 
Yeah, but the program you asked me to put on my desktop is asking for a location. I don't know where the icon's location is, even in default.
 
Hi

Please do a search:
  • Go to "Start">"Search">"All Files and Folders"
  • Enter imageres.dll in "All or part of file name"
  • Select "More advanced options"
  • Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders".
  • Click "Search".

Post back results.
 
Hi

Well you can't get that icon back without that dll.

That's why please do a search as instructed :)
 
Hi

Then we concentrate on other things:

First we'll need to back up the registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]


Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
Kaspersky report

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 3:36:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/01/2008
Kaspersky Anti-Virus database records: 533507
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 99707
Number of viruses found: 6
Number of infected objects: 47
Number of suspicious objects: 0
Duration of the scan process: 01:09:11

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\rk.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\AndrewM\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\AndrewM\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\AndrewM\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\AndrewM\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\AndrewM\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\AndrewM\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\AndrewM\NTUSER.DAT Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014300.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014300.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014301.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014301.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014305.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014305.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014306.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014306.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014307.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014307.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014308.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014308.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014309.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014309.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014310.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014310.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP32\A0014582.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015170.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015170.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015173.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015173.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015174.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015174.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015175.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015175.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015176.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015176.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015177.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015177.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015178.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015178.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015179.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015180.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015181.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015181.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015182.dll Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP39\A0015183.dll Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP42\A0018526.dll Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP42\A0018528.dll Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP42\A0018529.dll Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP44\A0018705.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP50\change.log Object is locked skipped
C:\WIN_XP\system32\config\system.LOG Object is locked skipped
C:\WIN_XP\system32\config\software.LOG Object is locked skipped
C:\WIN_XP\system32\config\default.LOG Object is locked skipped
C:\WIN_XP\system32\config\SAM.LOG Object is locked skipped
C:\WIN_XP\system32\config\SECURITY.LOG Object is locked skipped
C:\WIN_XP\system32\config\AppEvent.Evt Object is locked skipped
C:\WIN_XP\system32\config\SecEvent.Evt Object is locked skipped
C:\WIN_XP\system32\config\SysEvent.Evt Object is locked skipped
C:\WIN_XP\system32\config\Antivirus.Evt Object is locked skipped
C:\WIN_XP\system32\config\SECURITY Object is locked skipped
C:\WIN_XP\system32\config\SOFTWARE Object is locked skipped
C:\WIN_XP\system32\config\SYSTEM Object is locked skipped
C:\WIN_XP\system32\config\DEFAULT Object is locked skipped
C:\WIN_XP\system32\config\SAM Object is locked skipped
C:\WIN_XP\system32\drivers\sptd.sys Object is locked skipped
C:\WIN_XP\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WIN_XP\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WIN_XP\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WIN_XP\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WIN_XP\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WIN_XP\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WIN_XP\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WIN_XP\system32\CatRoot2\edb.log Object is locked skipped
C:\WIN_XP\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WIN_XP\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WIN_XP\TEMP\Perflib_Perfdata_688.dat Object is locked skipped
C:\WIN_XP\Debug\PASSWD.LOG Object is locked skipped
C:\WIN_XP\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WIN_XP\WindowsUpdate.log Object is locked skipped
C:\QooBox\Quarantine\C\WIN_XP\system32\ljjhiff.dll.vir Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\QooBox\Quarantine\C\WIN_XP\system32\rqroopm.dll.vir Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\QooBox\Quarantine\C\WIN_XP\system32\wvusrqn.dll.vir Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\QooBox\Quarantine\catchme2008-01-25_114330.34.zip/xxyaayx.dll Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\QooBox\Quarantine\catchme2008-01-25_114330.34.zip ZIP: infected - 1 skipped

Scan process completed.
 
HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:12 PM, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WIN_XP\System32\smss.exe
C:\WIN_XP\system32\winlogon.exe
C:\WIN_XP\system32\services.exe
C:\WIN_XP\system32\lsass.exe
C:\WIN_XP\system32\svchost.exe
C:\WIN_XP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WIN_XP\Explorer.EXE
C:\WIN_XP\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WIN_XP\system32\netdde.exe
C:\WIN_XP\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\godofwar.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN_XP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN_XP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WIN_XP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WIN_XP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN_XP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN_XP\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WIN_XP\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN_XP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN_XP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\win_xp\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C45577E-8FA0-4BFD-BF25-49EC394BA62C}: NameServer = 64.71.255.198
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN_XP\system32\nvsvc32.exe

--
End of file - 5192 bytes
 
Hi

Delete this:

C:\WINDOWS\system32\rk.exe

Empty Recycle Bin.

All viruses are in system restore and inactive.

I'll give you instructions later on how to empty it.

As for the icon issue, I can redirect you to a Windows forum if you like.

Other than that, any problems left?
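
The triage the last reply applies to the Kaspersky report (one live file to delete, the rest sitting in System Restore or a quarantine folder) can be scripted. This is an added example, not part of the thread; the sample lines are copied from the report above, and the bucket names and the reading of `C:\QooBox\Quarantine` as a quarantine folder are assumptions.

```python
import re
from collections import defaultdict

# A few lines copied from the Kaspersky report posted above (not the full log).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\rk.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped
C:\Documents and Settings\AndrewM\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014300.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP26\A0014300.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{55E14C23-24BD-4438-93E0-DEBB9345413B}\RP42\A0018526.dll Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\QooBox\Quarantine\C\WIN_XP\system32\ljjhiff.dll.vir Infected: Trojan-Downloader.Win32.Small.hlq skipped
C:\QooBox\Quarantine\catchme2008-01-25_114330.34.zip ZIP: infected - 1 skipped
"""

# "<path> Infected: <verdict> <last action>"; paths may contain spaces.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# Container summaries ("CAB: infected - 1") repeat a hit already listed for the inner file.
CONTAINER = re.compile(r"^.+ [A-Z0-9]+: infected - \d+ \w+$")
# Files held open by the running system; not a detection.
LOCKED = re.compile(r"^.+ Object is locked \w+$")


def location(path):
    """Bucket a detection by where the file sits on disk."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"  # restore-point copy, not loaded at startup
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"      # assumption: folder written by a removal tool
    return "live"                # everything else needs a decision


def triage(report):
    """Return ({bucket: [(path, verdict), ...]}, counters for non-detection lines)."""
    buckets = defaultdict(list)
    stats = {"locked": 0, "container": 0, "unparsed": 0}
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:
            buckets[location(m["path"])].append((m["path"], m["verdict"]))
        elif LOCKED.match(line):
            stats["locked"] += 1
        elif CONTAINER.match(line):
            stats["container"] += 1
        else:
            stats["unparsed"] += 1  # surface format drift instead of hiding it
    return dict(buckets), stats


if __name__ == "__main__":
    found, counters = triage(SAMPLE_REPORT)
    for bucket in ("live", "system_restore", "quarantine"):
        for path, verdict in found.get(bucket, []):
            print(f"{bucket:15} {verdict:45} {path}")
    print(counters)
```
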
 