Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need help removing a virus/trojan.

Started by Sal_88 , Jul 05 2011 11:57 PM

This topic is locked

#1
Sal_88

Posted 05 July 2011 - 11:57 PM

New Member

Member
6 posts

I am a noob when it comes with computers so I really need help on this one.

- The virus/Trojan/Malware redirects me to another website when I click on links on google. The websites it redirects me to are fake anti-malware software purchase websites. This only happens in Fire Fox Google chrome works fine

- I have tried using malwarebytes and it closes after 4 seconds. I have also tried renaming the exe file and have also tried running it in safe mode and nothing it closes every time.

- If you need anymore details please respond. Thanks.

Edited by Sal_88, 05 July 2011 - 11:57 PM.

#2
Homburg

Posted 06 July 2011 - 03:06 AM

Trusted Helper

Malware Removal
665 posts

Hello Sal_88 and welcome to GeeksToGo

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
Please do not try to fix anything without being asked
Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
I am currently reviewing your logs.

#3
Homburg

Posted 06 July 2011 - 01:27 PM

Trusted Helper

Malware Removal
665 posts

Hello Sal_88,

Can you please do the following in the order I've listed:

Step 1:

Download these programs to your desktop but don't run them yet.

Download RogueKiller to your desktop

Download OTL to your desktop

Download aswMBR.exe ( 1.8mB ) to your desktop.

Step 2:

Note: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run roguekiller again

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 1 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Next:

Double click on the OTL icon to run it
Make sure all other windows are closed and to let it run uninterrupted.
Select All Users

Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\*.exe %USERPROFILE%\..|smtmp;true;true;true /FP /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop %systemroot%\*. /mp /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Next :

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Step 3:

You may find it easier to post each log individually.

Please remember to post:
The RougeKiller report
Both the OTL .txt and the extra.txt scans
The aswMBR scan

Homburg

#4
Sal_88

Posted 06 July 2011 - 01:58 PM

New Member

Topic Starter
Member
6 posts

These are the rougekiller results

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date : 07/06/2011 12:52:35

Bad processes: 1
[SUSP PATH] CMDLIN~1.DLL -- C:\DOCUME~1\user\LOCALS~1\Temp\CMDLIN~1.DLL -> UNLOADED

Registry Entries: 3
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5
Sal_88

Posted 06 July 2011 - 02:05 PM

New Member

Topic Starter
Member
6 posts

I cannot get OTL to run i always closes on me but here is the aswMBR results.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-06 13:03:39
-----------------------------
13:03:39.140 OS Version: Windows 5.1.2600 Service Pack 3
13:03:39.140 Number of processors: 4 586 0x1707
13:03:39.140 ComputerName: OWNER-A0064DB29 UserName: user
13:03:40.265 Initialize success
13:03:57.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:03:57.328 Disk 0 Vendor: ST3320613AS SD22 Size: 305244MB BusType: 3
13:03:59.359 Disk 0 MBR read successfully
13:03:59.359 Disk 0 MBR scan
13:03:59.359 Disk 0 Windows XP default MBR code
13:04:01.359 Disk 0 scanning sectors +625121280
13:04:01.406 Disk 0 scanning C:\WINDOWS\system32\drivers
13:04:06.125 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
13:04:15.421 Service scanning
13:04:16.421 Disk 0 trace - called modules:
13:04:16.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba18ef90]<<
13:04:16.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acbfab8]
13:04:16.421 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a6bab30]
13:04:16.437 \Driver\00000771[0x8ab05a28] -> IRP_MJ_CREATE -> 0xba18ef90
13:04:16.437 Scan finished successfully
13:04:26.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\Downloads\MBR.dat"
13:04:26.218 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\Downloads\aswMBR.txt"

#6
Homburg

Posted 07 July 2011 - 01:39 PM

Trusted Helper

Malware Removal
665 posts

Hello Sal_88,

Can you please do the following:

Step 1:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

If ComboFix will not run in normal mode please try it in Safe Mode with Networking
To do that do the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
Choose your usual account.

Then run ComboFix following the instructions above.

Step 2:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Homburg

#7
Sal_88

Posted 07 July 2011 - 03:59 PM

New Member

Topic Starter
Member
6 posts

When installing combofix I get the following popup :

!! ALERT !! It is NOT SAFE to continue.

The contents of the ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingc...to-use-combofix

NOTE: You may be infected with a patching virus 'Virut'

I have been reading online about this and all of them say that reformatting is the best option.

#8
Homburg

Posted 08 July 2011 - 11:24 AM

Trusted Helper

Malware Removal
665 posts

Hello Sal_88,

It's not looking good whenever Virut is on a PC. It's possible that reformat is the most likely solution but first we will confirm that it is Virut and this tool has had some success on other systems.

Please do the following:

Step 1:

Download Dr Web from here. Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

Step 2:

If you are unable to run the above then we'll try DrWeb as a bootable CD and run it outside of Windows.

It will be better to burn this on a uninfected PC

Download FreeISOBurner to desktop
Download Dr.Web Live CD to desktop

Insert blank CD into CD burner
Start FreeISOBurner
Click Open button and load Dr.Web LiveCD ISO file
Select burn speed 16x or less
Press Burn button
Having made the bootable CD set your system to boot from CD (Instructions)
Insert the CD and reboot your PC
Once Dr.Web starts select Dr.Web LiveCD (Default)
Press Scanner button on the top
Press Custom scan on the left side
Check all disks on the right side
Now press Begin the scan button to start scanner
After the scan select all infected files and press Cure button
Select Tools then Journal
Click Export button and save report as drweb.txt to hda1 folder

Restart your system and post C:\drweb.txt log here for me.

If that is succesful then delete the ComboFix on the desktop and download a fresh copy:

Step 3:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Homburg

#9
Sal_88

Posted 08 July 2011 - 01:01 PM

New Member

Topic Starter
Member
6 posts

I was able to run it here are the results.

=============================================================================
Dr.Web Scanner for Windows v6.00.10 (6.00.10.06290)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-07-08, 11:54:39 [user]
Command line: "C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\be792_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\df615e27 - 4987 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8ee3fc88 - 20721 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\5e4207ee - 35434 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\a97c61d2 - 41517 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\1fac759e - 25512 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\e5f3409d - 28999 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8d6f06df - 36564 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\37645660 - 30676 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\48fe9ba8 - 25157 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\2e46d034 - 21479 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8a9de935 - 23541 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\27c1ea05 - 24447 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\e3c86004 - 21471 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\94621dfa - 17824 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\2f75b3c7 - 18737 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\7184a4cd - 8998 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\5df4eed8 - 9352 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\90fbdfd9 - 4901 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\4b13625e - 7472 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\63d902c4 - 13720 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\0bef6836 - 12944 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\695dd7e2 - 17300 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\b9431bfe - 17443 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8b674403 - 18483 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\4dc5c772 - 14834 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\5a52ec73 - 14185 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\70a30618 - 13370 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\6cfc7783 - 7482 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\7b1c4baa - 11624 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\647f5e57 - 10523 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\739d7ff3 - 10122 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\17c3b992 - 10453 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\c9c53fa8 - 10778 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\f03479a7 - 9822 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\76931eda - 14045 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\6cd6edac - 7028 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\fad9dcde - 8674 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\eb892c4d - 8626 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\d0cfeb6e - 8231 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\75b98d46 - 10397 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\26a1ce9e - 11234 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\2b431176 - 10356 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\76ff69d5 - 11383 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\7268ed84 - 8957 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\673b8c66 - 11015 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\928f5538 - 11168 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\971c608e - 7798 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\1694a853 - 7873 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\f81f3109 - 6904 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\79105eae - 6503 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\68824060 - 9823 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\f18534ba - 7572 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\2ac72050 - 6996 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\ff3cc0a4 - 16360 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8565b52a - 29168 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\b4c421c6 - 34202 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\ca171d32 - 28292 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\09e1ce84 - 27164 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\b2fc6e11 - 25131 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\797bf2e5 - 31464 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\9c89a41f - 18281 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\c118f3e1 - 18009 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\f786dc6c - 24685 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\196167bd - 13651 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\aea88e91 - 16025 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\885e6bbc - 15644 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\6cda01d6 - 23265 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\d00d1e2a - 23135 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\656dcf14 - 20510 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\41584cb8 - 25475 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\0785b744 - 16298 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\63d69b02 - 19357 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\4ab27fd5 - 18381 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\d320b0b2 - 19562 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\0d6bb9e6 - 27102 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\fbf231e0 - 21223 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\85c79ca8 - 24847 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\751e37c0 - 23251 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8491dd14 - 14982 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\7d764c47 - 16778 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\6b3ce728 - 18725 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\138da0b4 - 18429 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\08fc11d5 - 6220 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\73e64d47 - 142240 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\093ca772 - 66726 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\9e561ba0 - 24512 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\063125e8 - 82762 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\25102650 - 508543 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\41d8e6e9 - 1722 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\a6b6fffa - 1694 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\87d15c30 - 1578 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\2e2f045f - 1959 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\3804fbdf - 2033 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\5b706353 - 1812 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\29e4368c - 1738 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\90786f13 - 1885 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\84e24e9a - 2091 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\e7e56243 - 1569 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8af1a312 - 1834 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\62bfcc4f - 2049 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\640176c8 - 1603 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\52552cfe - 1919 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\7a7ef474 - 1819 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\31f6ffd3 - 2229 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\db93164c - 1833 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\dfeabb18 - 1614 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\29d5be32 - 2297 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\e2bf72ae - 2110 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\cf10eeab - 2007 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\fa4c1e2b - 2370 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\bd55d9c0 - 2241 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\2c368d80 - 2596 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\6510837e - 2024 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\0c1883ba - 1609 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\d54e3425 - 1471 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\99d4aaff - 1445 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\aa28fa96 - 1895 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\7372bc74 - 2312 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\e876d44f - 3006 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\c143c75c - 2146 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\4193dc28 - 1714 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\dbcf3753 - 2095 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\8d4ac496 - 2715 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\f79a966d - 2545 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\33ed4b2d - 2801 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\b6309d04 - 6197 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\53350c19 - 28348 virus records
Total virus records: 2344779
[Self-checking] C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\be792_xp.exe
Key file: C:\Documents and Settings\user\Local Settings\Temp\7BFA9AA0-3AE8E530-485F8EF0-57CAD328\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11
=============================================================================
Dr.Web Scanner for Windows v6.00.10 (6.00.10.06290)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-07-08, 11:56:33 [user]
Command line: "C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\be792_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\df615e27 - 4987 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8ee3fc88 - 20721 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\5e4207ee - 35434 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\a97c61d2 - 41517 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\1fac759e - 25512 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\e5f3409d - 28999 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8d6f06df - 36564 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\37645660 - 30676 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\48fe9ba8 - 25157 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\2e46d034 - 21479 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8a9de935 - 23541 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\27c1ea05 - 24447 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\e3c86004 - 21471 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\94621dfa - 17824 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\2f75b3c7 - 18737 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\7184a4cd - 8998 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\5df4eed8 - 9352 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\90fbdfd9 - 4901 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\4b13625e - 7472 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\63d902c4 - 13720 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\0bef6836 - 12944 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\695dd7e2 - 17300 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\b9431bfe - 17443 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8b674403 - 18483 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\4dc5c772 - 14834 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\5a52ec73 - 14185 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\70a30618 - 13370 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\6cfc7783 - 7482 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\7b1c4baa - 11624 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\647f5e57 - 10523 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\739d7ff3 - 10122 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\17c3b992 - 10453 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\c9c53fa8 - 10778 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\f03479a7 - 9822 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\76931eda - 14045 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\6cd6edac - 7028 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\fad9dcde - 8674 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\eb892c4d - 8626 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\d0cfeb6e - 8231 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\75b98d46 - 10397 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\26a1ce9e - 11234 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\2b431176 - 10356 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\76ff69d5 - 11383 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\7268ed84 - 8957 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\673b8c66 - 11015 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\928f5538 - 11168 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\971c608e - 7798 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\1694a853 - 7873 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\f81f3109 - 6904 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\79105eae - 6503 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\68824060 - 9823 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\f18534ba - 7572 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\2ac72050 - 6996 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\ff3cc0a4 - 16360 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8565b52a - 29168 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\b4c421c6 - 34202 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\ca171d32 - 28292 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\09e1ce84 - 27164 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\b2fc6e11 - 25131 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\797bf2e5 - 31464 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\9c89a41f - 18281 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\c118f3e1 - 18009 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\f786dc6c - 24685 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\196167bd - 13651 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\aea88e91 - 16025 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\885e6bbc - 15644 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\6cda01d6 - 23265 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\d00d1e2a - 23135 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\656dcf14 - 20510 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\41584cb8 - 25475 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\0785b744 - 16298 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\63d69b02 - 19357 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\4ab27fd5 - 18381 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\d320b0b2 - 19562 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\0d6bb9e6 - 27102 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\fbf231e0 - 21223 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\85c79ca8 - 24847 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\751e37c0 - 23251 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8491dd14 - 14982 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\7d764c47 - 16778 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\6b3ce728 - 18725 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\138da0b4 - 18429 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\08fc11d5 - 6220 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\73e64d47 - 142240 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\093ca772 - 66726 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\9e561ba0 - 24512 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\063125e8 - 82762 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\25102650 - 508543 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\41d8e6e9 - 1722 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\a6b6fffa - 1694 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\87d15c30 - 1578 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\2e2f045f - 1959 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\3804fbdf - 2033 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\5b706353 - 1812 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\29e4368c - 1738 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\90786f13 - 1885 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\84e24e9a - 2091 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\e7e56243 - 1569 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8af1a312 - 1834 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\62bfcc4f - 2049 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\640176c8 - 1603 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\52552cfe - 1919 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\7a7ef474 - 1819 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\31f6ffd3 - 2229 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\db93164c - 1833 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\dfeabb18 - 1614 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\29d5be32 - 2297 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\e2bf72ae - 2110 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\cf10eeab - 2007 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\fa4c1e2b - 2370 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\bd55d9c0 - 2241 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\2c368d80 - 2596 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\6510837e - 2024 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\0c1883ba - 1609 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\d54e3425 - 1471 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\99d4aaff - 1445 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\aa28fa96 - 1895 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\7372bc74 - 2312 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\e876d44f - 3006 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\c143c75c - 2146 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\4193dc28 - 1714 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\dbcf3753 - 2095 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\8d4ac496 - 2715 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\f79a966d - 2545 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\33ed4b2d - 2801 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\b6309d04 - 6197 virus records
[Virus database] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\53350c19 - 28348 virus records
Total virus records: 2344779
[Self-checking] C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\be792_xp.exe
Key file: C:\Documents and Settings\user\Local Settings\Temp\9A59E988-95D01166-12F6946A-9E3A701C\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11

#10
Sal_88

Posted 08 July 2011 - 01:18 PM

New Member

Topic Starter
Member
6 posts

I am able to run combofix now but when its in the scanning for infected files screen it just sits there and nothing is going on.

#11
Homburg

Posted 09 July 2011 - 09:47 AM

Trusted Helper

Malware Removal
665 posts

Hello did you notice if Dr Web found anything?,

Step 1:

Can you try to run ComboFix in safe mode with networking please.

Step 2:

Delete the copy of OTL that you have and download a fresh copy:

If OTL don't run in normal mode please try safe mode.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%USERPROFILE%\..|smtmp;true;true;true /FP
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Homburg

#12
Essexboy

Posted 14 July 2011 - 10:36 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.