Author Topic: HJT log of my laptop.  (Read 797 times)

Offline podiz

« on: February 08, 2008, 08:51:24 AM »
Hi Guestolo,

Please go through the HJT logfile of my laptop and suggest action to be taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:40 PM, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
F:\Do Not Delete Softwares\Messenger\ymsgr_tray.exe
C:\Program Files\Huawei technologies\HUAWEI Mobile Connect\HuaWeiDataCard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Do Not Delete Softwares\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Do Not Delete Softwares\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Do Not Delete Softwares\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Do Not Delete Softwares\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Do Not Delete Softwares\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Do Not Delete Softwares\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Do Not Delete Softwares\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Do Not Delete Softwares\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Do Not Delete Softwares\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Do Not Delete Softwares\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B5CCFD6-EF59-446B-B3AD-08859407B275}: NameServer = 202.138.103.100 202.138.96.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5432 bytes

Offline guestolo

« Reply #1 on: February 08, 2008, 05:54:57 PM »
It looks ok
Some minor cleanup
Do a "System scan only" with Hijackthis and put a check next to these entries:

If you didn't purposely set your IE home page to about:blank, tick the first one I recommend
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in Windows
Since there was a chance that you shared your usb thumbdrive with this computer
It may not hurt to run an online scan on the laptop

Suggest that you do the following
First disable Avast protections
Right click the AVAST icon by the clock and select "Stop on access Protections"
Ok the prompt

Then:
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
        Extended
    • Scan Options:
        Scan Archives
        Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer

When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

Post back all the following:

1. Post the Kaspersky Online Scanner Report in your reply.
2. Run a fresh scan/save logfile with Hijackthis and post it also

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline podiz

« Reply #2 on: March 07, 2008, 05:27:34 AM »
Hi Guestolo,

Sorry for the late response. Got held up for some reason.

Please find HJT log and Kaspersky report.


        -------------------------------------------------------------------------------
         KASPERSKY ONLINE SCANNER REPORT
         Saturday, February 09, 2008 2:27:20 PM
         Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
         Kaspersky Online Scanner version: 5.0.98.0
         Kaspersky Anti-Virus database last update:  9/02/2008
         Kaspersky Anti-Virus database records: 555816
        -------------------------------------------------------------------------------

        Scan Settings:
           Scan using the following antivirus database: extended
           Scan Archives: true
           Scan Mail Bases: true

        Scan Target - My Computer:
           C:\
           D:\
           E:\
           F:\
           G:\

        Scan Statistics:
           Total number of scanned objects: 31430
           Number of viruses found: 2
           Number of infected objects: 118
           Number of suspicious objects: 0
           Duration of the scan process: 00:23:23

        Infected Object Name / Virus Name / Last Action
        C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector   Object is locked   skipped
        C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
        C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
        C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
        C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
        C:\Documents and Settings\user123\Cookies\index.dat   Object is locked   skipped
        C:\Documents and Settings\user123\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
        C:\Documents and Settings\user123\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
        C:\Documents and Settings\user123\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
        C:\Documents and Settings\user123\Local Settings\History\History.IE5\MSHist012008020920080210\index.dat   Object is locked   skipped
        C:\Documents and Settings\user123\Local Settings\Temp\JETD263.tmp   Object is locked   skipped
        C:\Documents and Settings\user123\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
        C:\Documents and Settings\user123\NTUSER.DAT   Object is locked   skipped
        C:\Documents and Settings\user123\ntuser.dat.LOG   Object is locked   skipped
        C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
        C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
        C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int   Object is locked   skipped
        C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
        C:\Program Files\Huawei technologies\HUAWEI Mobile Connect\vWTP.mdb   Object is locked   skipped
        C:\QooBox\Quarantine\C\80avp08.com.vir   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\QooBox\Quarantine\C\autorun.inf.vir   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\amvo.exe.vir   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\QooBox\Quarantine\D\80avp08.com.vir   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\QooBox\Quarantine\D\autorun.inf.vir   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\QooBox\Quarantine\E\80avp08.com.vir   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\QooBox\Quarantine\E\autorun.inf.vir   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\QooBox\Quarantine\F\80avp08.com.vir   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\QooBox\Quarantine\F\autorun.inf.vir   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016186.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016187.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016188.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016219.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016220.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016221.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016261.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016262.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016263.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016277.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016279.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016280.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016306.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016307.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016308.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016337.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016339.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016340.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016361.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016362.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016363.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017363.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017364.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017365.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017397.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017398.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017399.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017431.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017433.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017434.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018431.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018433.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018434.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018458.exe   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018459.dll   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018460.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018464.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        C:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP40\change.log   Object is locked   skipped
        C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
        C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt   Object is locked   skipped
        C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
        C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
        C:\WINDOWS\system32\config\Antivirus.Evt   Object is locked   skipped
        C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
        C:\WINDOWS\system32\config\default   Object is locked   skipped
        C:\WINDOWS\system32\config\DEFAULT.LOG   Object is locked   skipped
        C:\WINDOWS\system32\config\SAM   Object is locked   skipped
        C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
        C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
        C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
        C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
        C:\WINDOWS\system32\config\software   Object is locked   skipped
        C:\WINDOWS\system32\config\SOFTWARE.LOG   Object is locked   skipped
        C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
        C:\WINDOWS\system32\config\system   Object is locked   skipped
        C:\WINDOWS\system32\config\SYSTEM.LOG   Object is locked   skipped
        C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
        C:\WINDOWS\Temp\Perflib_Perfdata_710.dat   Object is locked   skipped
        C:\WINDOWS\wiadebug.log   Object is locked   skipped
        C:\WINDOWS\wiaservc.log   Object is locked   skipped
        C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
        D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector   Object is locked   skipped
        D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016189.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016190.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016222.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016223.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016264.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016265.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016281.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016282.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016309.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016310.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016341.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016342.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016364.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016365.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017366.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017367.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017400.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017401.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017435.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017436.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018435.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018436.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018461.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        D:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018465.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector   Object is locked   skipped
        E:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016191.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016192.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016224.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016225.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016266.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016267.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016283.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016284.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016311.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016312.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016343.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016344.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016366.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016367.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017368.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017369.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017402.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017403.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017437.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017438.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018437.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018438.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018462.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        E:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018466.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector   Object is locked   skipped
        F:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016193.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016194.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016226.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016227.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016268.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016269.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016285.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016286.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016313.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016314.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016345.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016346.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016368.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0016369.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017370.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017371.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017404.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017405.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017439.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0017440.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP38\A0018439.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018463.inf   Infected: Worm.Win32.AutoRun.bld   skipped
        F:\System Volume Information\_restore{4E0C7703-738D-4BA1-B40D-378311E5160E}\RP39\A0018467.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped

        Scan process completed.


        HJT log :

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 4:09:13 PM, on 07/03/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Huawei technologies\HUAWEI Mobile Connect\HuaWeiDataCard.exe
        F:\Do Not Delete Softwares\Messenger\YahooMessenger.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Do Not Delete Softwares\Companion\Installs\cpn\yt.dll
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Do Not Delete Softwares\Companion\Installs\cpn\yt.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Do Not Delete Softwares\Common\yiesrvc.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Do Not Delete Softwares\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Do Not Delete Softwares\Messenger\YahooMessenger.exe" -quiet
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O8 - Extra context menu item: &Yahoo! Search - file:///F:\Do Not Delete Softwares\Common/ycsrch.htm
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Do Not Delete Softwares\Common/ycdict.htm
        O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Do Not Delete Softwares\Common/ycmap.htm
        O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Do Not Delete Softwares\Common/ycsms.htm
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Do Not Delete Softwares\Common\yiesrvc.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

        --
        End of file - 5330 bytes

        Offline guestolo

        • Site Donator
        • Administrator
        • Hero Member
        • *****
        • Posts: 16034
        • Karma: +1/-0
        HJT log of my laptop.
        « Reply #3 on: March 07, 2008, 08:55:52 AM »
        How are things running now?
        I'm not sure, please keep me updated

        Do you want to post your own logs from FRST?

        Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


        Offline podiz

        • Newbie
        • *
        • Posts: 16
        • Karma: +0/-0
        HJT log of my laptop.
        « Reply #4 on: March 08, 2008, 11:32:13 PM »
        Things seem to be fine.

        But then, did you notice the Kaspersky report says two viruses found? Is it harmless?

        Offline guestolo

        • Site Donator
        • Administrator
        • Hero Member
        • *****
        • Posts: 16034
        • Karma: +1/-0
        HJT log of my laptop.
        « Reply #5 on: March 09, 2008, 12:22:16 AM »
        Quote
        But then, did you notice the Kaspersky report says two viruses found? Is it harmless?
        We'll do some final cleaning now.

        Find and delete the following folder
        C:\Qoobox
        Go to START>>RUN>>Copy then paste the next command below in bold
        Then hit OK

        combofix /u

        This will uninstall combofix and its components

        Download OTMoveIt2 by OldTimer.
        • Save it to your desktop.
        • Double-click OTMoveIt.exe to run it.
        • Click the Cleanup! button
          A list will be downloaded>>Allow it Internet access if prompted by your Firewall
          Don't change anything in this list
        • Select Yes at the prompt
          Wait for the confirmation box to open to reboot the computer
          Don't mouseclick during the wait as you may cause the tool to stall
        • Select Yes to reboot Now
        NOTE: This procedure will also delete OTMoveit.exe from desktop

        Go to START>>All Programs>>Accessories>>System Tools>>System Restore
        Select>>Create a New restore point
        Give it a name, any name,
        eg... rdchase1
         and click Create
        Windows will prompt when it was created successfully

        When that's done

        Go to START>>RUN>>type the following
        cleanmgr
        Hit OK
        Let it finish calculating

        Select the More Options tab
        and click Cleanup.. under 'System Restore'
        This will clear all later restore points except for the one you just made

        Ok the prompts, it may take a few seconds to remove old restore points
        Ok again after it's ready and let it finish cleaning


        I suggest that you add SpywareBlaster to your protection software
        SpywareBlaster 3.5.1 by JavaCool  
          *Will block bad ActiveX Controls
          *Block Malevolent cookies in Internet Explorer and Firefox
          *Restrict actions of potentially dangerous sites in Internet Explorer
        After installation, Check for updates
        After updating, select "Protection" on the Left
        Then select "Enable all Protection"
        "Check for updates every couple of weeks"
        after every update just simply click the "enable protection on all unprotected items"

        Take a look at miekiemoes site with other ideas on How to prevent Malware:

        I hope that helps :)

        Do you want to post your own logs from FRST?

        Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
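
The Kaspersky report lines posted earlier in this thread can be triaged by location, which is the distinction the restore-point cleanup steps above act on. The following is an added example, not part of any post in the thread: it parses constructed lines in the same layout and separates detections stored inside System Restore snapshot folders from detections anywhere else. The sample paths and GUID are made up, and the assumption that fields are separated by tabs or runs of two or more spaces comes from the layout of the pasted report.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the report lines in this thread
# (path, verdict, action); the GUID, file names and the C:\ path are made up.
SAMPLE_REPORT = r"""
E:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP39\A0000001.inf   Infected: Worm.Win32.AutoRun.bld   skipped
F:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP38\A0000002.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
F:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector   Object is locked   skipped
C:\Documents and Settings\user\sample.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
"""

# System Restore snapshot path: <drive>:\System Volume Information\_restore{GUID}\RPnn\...
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)

def parse_line(line):
    """Split a report line into (path, verdict, action); None if not a result line."""
    fields = re.split(r"\t+|\s{2,}", line.strip())  # assumed field separator
    return tuple(fields) if len(fields) == 3 else None

def triage(report):
    """Count detections held in restore points and list detections found elsewhere."""
    out = {"restore_point": Counter(), "restore_points": set(), "live": [], "locked": 0}
    for line in report.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, verdict, _action = parsed
        if verdict == "Object is locked":
            out["locked"] += 1  # scanner could not open the object; not a detection
        if not verdict.startswith("Infected:"):
            continue
        name = verdict.split(":", 1)[1].strip()
        m = RESTORE_RE.match(path)
        if m:
            out["restore_point"][name] += 1
            out["restore_points"].add((path[0].upper(), m.group(1).upper()))
        else:
            out["live"].append((path, name))  # outside snapshots: review directly
    return out

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("in restore points:", dict(summary["restore_point"]))
    print("snapshots affected:", sorted(summary["restore_points"]))
    print("outside restore points:", summary["live"])
```

An empty `live` list after a rescan means the remaining detections are only copies kept in old snapshots, which removing those restore points clears.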