unknown malware infection



#1
k0rr

Logfile of HijackThis v1.99.1
Scan saved at 1:08:43 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bobby\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {b05083cd-a84c-40bf-bbdc-6f91afc0750b} - C:\WINDOWS\system32\c_1dlg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.co...ml/gtdownlr.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.3.1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O20 - Winlogon Notify: c_1dlg - C:\WINDOWS\SYSTEM32\c_1dlg.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
#2
Wizard

Hi k0rr and Welcome to Geeks to Go!


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Click File and then Click Run as a System Task.
  • Click "Yes" to the prompt that follows and wait for Killbox to re-appear.
  • Once Killbox re-appears, please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\c_1dlg.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.



Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {b05083cd-a84c-40bf-bbdc-6f91afc0750b} - C:\WINDOWS\system32\c_1dlg.dll

O20 - Winlogon Notify: c_1dlg - C:\WINDOWS\SYSTEM32\c_1dlg.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Post back with a fresh HijackThis log and the report from F-Secure

#3
k0rr

Logfile of HijackThis v1.99.1
Scan saved at 9:49:49 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\bobby\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\bobby\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\bobby\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.co...ml/gtdownlr.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.3.1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Result: 38 malware found
Exploit.HTML.CodeBaseExec (virus)

* C:\DOCUMENTS AND SETTINGS\BOBBY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KDMBOTYN\YSB_PROMPT[1].HTM (Renamed & Submitted)

JS/Istbar.P (virus)

* C:\DOCUMENTS AND SETTINGS\BOBBY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8HUNWLIJ\TOOLBAR2[1].HTM (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System

Trojan-Downloader.Win32.Agent.anm (virus)

* C:\WINDOWS\SYSTEM32\JKKLJJK.DLL (Renamed)

Trojan-Downloader.Win32.ConHook.ac (virus)

* C:\WINDOWS\SYSTEM32\GEBCB.EXE (Renamed)
* C:\WINDOWS\SYSTEM32\SSTQQ.EXE (Renamed & Submitted)

WhenU.WeatherCast (spyware)

* System (Disinfected)

I received the PendingFileRenameOperations prompt.
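Added example, not part of either poster's messages: a small Python check that diffs the HijackThis log from post #1 against the fresh log in post #3, to confirm that the two c_1dlg.dll entries flagged in post #2 are gone. The log excerpts are shortened copies of lines from the thread; the function names are this example's own.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" paths carry no section code.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Shortened excerpt of the log in post #1 (lines copied from the thread).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:08:43 PM, on 6/30/2006

Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {b05083cd-a84c-40bf-bbdc-6f91afc0750b} - C:\WINDOWS\system32\c_1dlg.dll
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O20 - Winlogon Notify: c_1dlg - C:\WINDOWS\SYSTEM32\c_1dlg.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# Shortened excerpt of the fresh log in post #3 (lines copied from the thread).
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:49:49 PM, on 7/2/2006

Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""


def parse_entries(log_text):
    """Map (section code, case-folded details) -> original entry line.

    Details are case-folded for comparison because the same file appears as
    'system32' in one section and 'SYSTEM32' in another.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            key = (match.group("code"), match.group("body").casefold())
            entries[key] = line
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lines between two HijackThis logs."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted(old[k] for k in old.keys() - new.keys())
    added = sorted(new[k] for k in new.keys() - old.keys())
    return removed, added


def entries_referencing(log_text, filename):
    """Entry lines in any section whose details still mention filename."""
    needle = filename.casefold()
    return sorted(
        line
        for (_code, body), line in parse_entries(log_text).items()
        if needle in body
    )


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since first scan:")
    for line in removed:
        print("  " + line)
    print("New since first scan:")
    for line in added:
        print("  " + line)
    leftover = entries_referencing(LOG_AFTER, "c_1dlg.dll")
    print("c_1dlg.dll still referenced:", bool(leftover))
```

An empty result for c_1dlg.dll only shows that its autostart references are gone from the log; the F-Secure report in the same post still lists other files under C:\WINDOWS\SYSTEM32.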

#4
Wizard

You should be able to easily delete the renamed files now.

C:\WINDOWS\SYSTEM32\JKKLJJK.DLL

C:\WINDOWS\SYSTEM32\GEBCB.EXE

C:\WINDOWS\SYSTEM32\SSTQQ.EXE

Now renamed with a different extension, similar to this:

C:\WINDOWS\SYSTEM32\JKKLJJK.0LL

C:\WINDOWS\SYSTEM32\GEBCB.0XE

C:\WINDOWS\SYSTEM32\SSTQQ.0XE


Download WinPFind to your C Drive.
http://download.blee...r/winpfind2.zip

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)

From the WinPFind folder-> Double-click WinPFind.exe to launch the program.

Under Registry Options, click the Remove All tab.

Under File Options, click the Select All tab.

Now, click "Run All Standard Scans"

The scan takes a bit to finish, please be patient.

Once Completed-> Click "Save Scans to Text File" and the log (WinPFind2.txt) will be automatically saved to the WinPFind folder.


Restart normally and have the PC scanned here
http://www.bitdefend...can/licence.php


Post back with the results from WinPFind and Bit Defender.

Edited by Cretemonster, 03 July 2006 - 02:56 AM.


#5
k0rr

Logfile created on: 07/03/2006 12:18
WinPFind2 - PreRelease 1.3.0 Folder = C:\unzipped\winpfind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2800.1106)


Processes
Image Name ProcessID Thread Count Parent ID Base Priority Full Path Version Info
csrss.exe 000268 0009 000220 Normal \??\c:\windows\system32\csrss.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 4096 bytes])
explorer.exe 000832 0011 000812 Normal c:\windows\explorer.exe (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) / Size = 1004032 bytes])
lsass.exe 000352 0019 000292 Normal c:\windows\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 11776 bytes])
services.exe 000340 0016 000292 Normal c:\windows\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 101376 bytes])
smss.exe 000220 0003 000004 Normal \systemroot\system32\smss.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 45568 bytes])
svchost.exe 000516 0005 000340 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])
svchost.exe 000540 0020 000340 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])
winlogon.exe 000292 0016 000220 High \??\c:\windows\system32\winlogon.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 516608 bytes])
winpfind2.exe 000928 0001 000832 Normal c:\unzipped\winpfind2\winpfind2.exe (OldTimer Tools [Ver = 1.3.0.0 / Size = 375296 bytes])

Registry Entries
Key Value Version Info
WinPFind2 - PreRelease 1.3.0
Microsoft Windows XP Version = Service Pack 2
Internet Explorer Version = 6.0.2800.1106

Services
Name Internal Name Startup Type State Service Type Path Version Info
Cryptographic Services CryptSvc Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])
Logical Disk Manager dmserver Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])
Event Log Eventlog Automatic Running Win32, running in a shared process C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 101376 bytes])
Help and Support helpsvc Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])
Plug and Play PlugPlay Automatic Running Win32, running in a shared process C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 101376 bytes])
Remote Procedure Call (RPC) RpcSs Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])
System Restore Service srservice Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])
Windows Management Instrumentation winmgmt Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 12800 bytes])

Files
Full Path Details
%SystemDrive%
%ProgramFilesDir%
%WinDir%
C:\WINDOWS\IFinst27.exe UPX! [Ver = / Size = 65536 bytes] 04/02/2006 23:38
%System%
C:\WINDOWS\SYSTEM32\avisynth.dll UPX! The Public [Ver = 2, 5, 5, 0 / Size = 284672 bytes] 09/01/2004 07:49
C:\WINDOWS\SYSTEM32\d3dx9_25.dll D3DXUVAtlasPack Microsoft Corporation [Ver = 9.06.168.0000 / Size = 2337488 bytes] 03/18/2005 17:19
C:\WINDOWS\SYSTEM32\d3dx9_26.dll D3DXUVAtlasPack Microsoft Corporation [Ver = 9.07.239.0000 / Size = 2297552 bytes] 05/26/2005 16:34
C:\WINDOWS\SYSTEM32\d3dx9_27.dll D3DXUVAtlasPack Microsoft Corporation [Ver = 9.08.299.0000 / Size = 2319568 bytes] 07/22/2005 19:59
C:\WINDOWS\SYSTEM32\d3dx9_28.dll D3DXUVAtlasPack Microsoft Corporation [Ver = 9.10.455.0000 / Size = 2323664 bytes] 12/05/2005 18:09
C:\WINDOWS\SYSTEM32\d3dx9_29.dll D3DXUVAtlasPack Microsoft Corporation [Ver = 9.11.519.0000 / Size = 2332368 bytes] 02/03/2006 08:43
C:\WINDOWS\SYSTEM32\d3dx9_30.dll D3DXUVAtlasPack Microsoft Corporation [Ver = 9.12.589.0000 / Size = 2388176 bytes] 03/31/2006 12:40
C:\WINDOWS\SYSTEM32\dfrg.msc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 [Ver = / Size = 41397 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\KillBox.exe UPX! Option^Explicit Software [email protected] [Ver = 2.00.0887 / Size = 93184 bytes]07/02/2006 17:26
C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL RIMAPPTECHNOLOGIES Microsoft Corporation [Ver = 1.5.0530.0 / Size = 579888 bytes] 05/17/2006 11:23
C:\WINDOWS\SYSTEM32\MRT.exe (PeCompact2) Microsoft Corporation [Ver = 1.5.0661.0 / Size = 1292120 bytes] 06/09/2005 14:35
C:\WINDOWS\SYSTEM32\MRT.exe (ASPack) Microsoft Corporation [Ver = 1.5.0661.0 / Size = 1292120 bytes] 06/09/2005 14:35
C:\WINDOWS\SYSTEM32\rasdlg.dll \DuMonitor SendMessage(WM_RASEVENT) doneMicrosoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 631808 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\wbdbase.deu msubjsuchsullsupeswinsyncszens [Ver = / Size = 1309184 bytes] 08/23/2001 08:00
%System%\Drivers folder and sub-folders
%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat [Ver = / Size = 2048 bytes] 07/03/2006 12:09 S
C:\WINDOWS\QTFont.qfn [Ver = / Size = 54156 bytes] 07/02/2006 13:40 H
C:\WINDOWS\Help\nocontnt.GID [Ver = / Size = 10820 bytes] 06/04/2006 21:18 H
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem16.CAT [Ver = / Size = 95392 bytes] 05/16/2006 21:50 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\xact2_2_x86.CAT [Ver = / Size = 8225 bytes] 05/31/2006 07:33 S
C:\WINDOWS\system32\config\default.LOG [Ver = / Size = 8192 bytes] 07/03/2006 12:09 H
C:\WINDOWS\system32\config\SAM.LOG [Ver = / Size = 1024 bytes] 07/03/2006 12:10 H
C:\WINDOWS\system32\config\SECURITY.LOG [Ver = / Size = 12288 bytes] 07/03/2006 12:09 H
C:\WINDOWS\system32\config\software.LOG [Ver = / Size = 81920 bytes] 07/03/2006 12:11 H
C:\WINDOWS\system32\config\system.LOG [Ver = / Size = 925696 bytes] 07/03/2006 12:09 H
C:\WINDOWS\Tasks\SA.DAT [Ver = / Size = 6 bytes] 07/03/2006 12:08 H
CPL files
C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 66048 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 578560 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 129024 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 150016 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) / Size = 292352 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 121856 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 208896 bytes] 08/29/2002 04:41
C:\WINDOWS\SYSTEM32\jpicpl32.cpl Sun Microsystems, Inc. [Ver = 5.0.60.5 / Size = 49265 bytes] 11/10/2005 13:03
C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation [Ver = 5.1.2403.1 / Size = 187904 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 559616 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 35840 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) / Size = 256000 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\nwc.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 36864 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation [Ver = 3.525.1022.0 ((Webdata).030220-1508) / Size = 32768 bytes] 02/20/2003 18:39
C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) / Size = 109056 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\QuickTime.cpl Apple Computer, Inc. [Ver = 6.5.1 / Size = 323072 bytes] 09/23/2004 18:57
C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 268288 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 28160 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 90112 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) / Size = 174360 bytes] 05/26/2005 04:16
C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 66048 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 150016 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) / Size = 292352 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 121856 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 208896 bytes] 08/29/2002 04:41
C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation [Ver = 5.1.2403.1 / Size = 187904 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 559616 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 35840 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) / Size = 256000 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 36864 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation [Ver = 3.525.1022.0 ((Webdata).030220-1508) / Size = 32768 bytes] 02/20/2003 18:39
C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) / Size = 109056 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation [Ver = 5.1.4111.00 (xpsp1.020828-1920) / Size = 147456 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) / Size = 268288 bytes] 08/29/2002 03:41
C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 28160 bytes] 08/23/2001 08:00
C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 90112 bytes] 08/23/2001 08:00
AllUsers Startup Folder
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = / Size = 1757 bytes] 06/27/2006 13:01
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini [Ver = / Size = 84 bytes] 07/05/2005 12:08 HS
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini [Ver = / Size = 62 bytes] 07/05/2005 04:08 HS
CurrentUser Startup Folder
C:\Documents and Settings\bobby\Start Menu\Programs\Startup\Adobe Gamma.lnk [Ver = / Size = 988 bytes] 01/11/2006 17:36
C:\Documents and Settings\bobby\Start Menu\Programs\Startup\desktop.ini [Ver = / Size = 84 bytes] 07/05/2005 12:08 HS
C:\Documents and Settings\bobby\Start Menu\Programs\Startup\MemTurbo.lnk [Ver = / Size = 678 bytes] 07/02/2006 17:30
C:\Documents and Settings\bobby\Start Menu\Programs\Startup\Registration-Studio 8.lnk [Ver = / Size = 913 bytes] 10/23/2005 10:04
C:\Documents and Settings\bobby\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk [Ver = / Size = 786 bytes] 06/12/2006 21:34
CurrentUser ApplicationData Folder
C:\Documents and Settings\bobby\Application Data\desktop.ini [Ver = / Size = 62 bytes] 07/05/2005 04:08 HS
DPF files
{17492023-C23A-453E-A040-C7C580BBF700} Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{25365FF3-2746-4230-9DA7-163CCA318309} GTDownloaderCtrl Class - CodeBase = http://inst.c-wss.co...ml/gtdownlr.cab
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} DownloadManager Control - CodeBase = http://dlmanager.aka...vex-2.0.3.1.cab
{33564D57-0000-0010-8000-00AA00389B71} - CodeBase = http://download.micr...922/wmv9VCM.CAB
{48884C41-EFAC-433D-958A-9FADAC41408E} EGamesPlugin Class - CodeBase = https://www.e-games....GamesPlugin.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} F-Secure Online Scanner 3.0 - CodeBase = http://support.f-sec.../ols3/fscax.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - CodeBase = http://fpdownload.ma...ent/swflash.cab
Hosts file = 734 bytes. Reading all entries.
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

BitDefender Online Scanner

Scan report generated at: Mon, Jul 03, 2006 - 15:19:14
Scan path: C:\;D:\;E:\;F:\;H:\;

Statistics
Time: 02:57:14
Files: 671363
Folders: 6685
Boot Sectors: 2
Archives: 4092
Packed Files: 76983

Results
Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 405873
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A8C0000.VBN=>(Quarantine-PE)
    Infected with: [email protected]

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A8C0000.VBN=>(Quarantine-PE)
    Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A8C0000.VBN=>(Quarantine-PE)
    Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A940000.VBN=>REMOVED_NULLS
    Infected with: Exploit.Win32.WMF-PFV.G

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A940000.VBN=>REMOVED_NULLS
    Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A940000.VBN=>REMOVED_NULLS
    Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A940000.VBN
    Update failed

#6
Wizard
Retired Staff
5,661 posts
Looking good so far!

Locate and Delete this file--> C:\WINDOWS\IFinst27.exe


If you will, post the Bit Defender Results by themselves, seems the log got cut off.


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?