no idea but virus on laptop help

Post by dpark29 on Fri Aug 28, 2009 8:18 pm

Here's the logfile, ty in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:52 PM, on 8/28/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\gav\gav.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJX916KM\winlogon[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 [You must be registered and logged in to see this link.]
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [67569387646557683] C:\ProgramData\gav\wer.bat
O4 - HKCU\..\Run: [23094848483939484] C:\ProgramData\gav\mgrdll.exe
O4 - HKCU\..\Run: [21098746521098765] C:\ProgramData\gav\gav.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5060 bytes

dpark29
Novice
Posts : 7
Joined : 2009-08-28
OS : XP

Re: no idea but virus on laptop help

Post by Belahzur on Sat Aug 29, 2009 6:03 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
    O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
    O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
    O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
    O1 - Hosts: 208.43.47.212 reviews.download.com
    O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
    O1 - Hosts: 208.43.47.212 reviews.pcmag.com
    O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
    O1 - Hosts: 208.43.47.212 reviews.techradar.com
    O1 - Hosts: 208.43.47.212 toptenreviews.com
    O1 - Hosts: 208.43.47.212 [You must be registered and logged in to see this link.]
    O1 - Hosts: ::1 localhost
    O4 - HKCU\..\Run: [67569387646557683] C:\ProgramData\gav\wer.bat
    O4 - HKCU\..\Run: [23094848483939484] C:\ProgramData\gav\mgrdll.exe
    O4 - HKCU\..\Run: [21098746521098765] C:\ProgramData\gav\gav.exe


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: no idea but virus on laptop help

Post by dpark29 on Fri Sep 25, 2009 7:12 am

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 6.0.6000

9/24/2009 11:48:15 PM
mbam-log-2009-09-24 (23-48-15).txt

Scan type: Quick Scan
Objects scanned: 84314
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\wsdt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\gav\wer.bat (Rogue.GreenAV) -> Quarantined and deleted successfully.

Re: no idea but virus on laptop help

Post by Belahzur on Fri Sep 25, 2009 9:21 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


Re: no idea but virus on laptop help

Post by dpark29 on Fri Sep 25, 2009 5:42 pm

DDS (Ver_09-09-24.01) - NTFSx86
Run by Sarah at 10:39:18.06 on Fri 09/25/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3070.2195 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1351 [VPS 090924-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0C1GCHC\dds[1].scr

============== Pseudo HJT Report ===============

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-28 53328]

=============== Created Last 30 ================

2009-09-24 23:42 --d----- c:\users\sarah\appdata\roaming\Malwarebytes
2009-09-24 23:42 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 23:42 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-24 23:42 --d----- c:\programdata\Malwarebytes
2009-09-24 23:42 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 23:42 --d----- c:\progra~2\Malwarebytes
2009-09-10 21:14 494,592 a------- c:\windows\system32\kerberos.dll
2009-09-10 21:14 216,576 a------- c:\windows\system32\msv1_0.dll
2009-09-10 21:14 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-10 21:14 1,233,920 a------- c:\windows\system32\lsasrv.dll
2009-09-10 21:14 408,136 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-10 21:14 272,384 a------- c:\windows\system32\schannel.dll
2009-09-10 21:14 72,704 a------- c:\windows\system32\secur32.dll
2009-09-10 21:14 7,680 a------- c:\windows\system32\lsass.exe
2009-09-10 20:51 118 a------- c:\windows\system32\MRT.INI
2009-09-08 13:02 1,657,350 a------- c:\windows\system32\wlan.tmf
2009-09-02 15:58 1,686,528 a------- c:\windows\system32\gameux.dll
2009-09-02 15:58 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 15:58 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 11:47 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-08-28 11:47 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-08-28 11:47 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-08-28 11:47 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-28 11:30 2,048 a------- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-08-28 20:40 449,024 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 20:40 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 20:40 2,143,744 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 20:40 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 16:15 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-08-14 10:16 213,592 a------- c:\windows\system32\drivers\netio.sys
2009-08-14 09:42 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-08-14 09:40 103,936 a------- c:\windows\system32\netiohlp.dll
2009-08-14 09:40 15,360 a------- c:\windows\system32\netevent.dll
2009-08-14 07:25 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 07:25 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 07:25 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 07:25 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 07:25 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 07:25 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 07:25 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 07:24 813,568 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 07:23 22,016 a------- c:\windows\system32\netiougc.exe
2009-07-30 20:37 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-30 20:37 51,200 a------- c:\windows\inf\infpub.dat
2009-07-30 20:37 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-30 20:37 86,016 a------- c:\windows\inf\infstor.dat
2009-07-22 19:00 268,800 a------- c:\windows\system32\es.dll
2009-07-20 22:54 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-07-19 19:33 174 a--sh--- c:\program files\desktop.ini
2009-07-19 19:22 61,440 a------- c:\windows\system32\winipsec.dll
2009-07-19 19:22 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-07-19 19:22 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-07-19 19:22 272,896 a------- c:\windows\system32\polstore.dll
2009-07-19 19:20 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-07-19 19:20 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-07-19 19:20 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-07-19 19:19 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-07-19 19:19 428,032 a------- c:\windows\system32\EncDec.dll
2009-07-19 19:19 292,352 a------- c:\windows\system32\psisdecd.dll
2009-07-19 19:18 205,824 a------- c:\windows\system32\msoeacct.dll
2009-07-19 19:18 87,040 a------- c:\windows\system32\msoert2.dll
2009-07-19 19:18 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-07-19 19:16 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-07-19 19:16 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-07-19 19:16 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-07-19 19:16 542,720 a------- c:\windows\system32\sysmain.dll
2009-07-19 19:15 194,560 a------- c:\windows\system32\WebClnt.dll
2009-07-19 19:14 2,028,032 a------- c:\windows\system32\win32k.sys
2009-07-19 19:13 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-19 19:13 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-19 19:13 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-19 19:13 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-19 19:13 24,064 a------- c:\windows\system32\lpk.dll
2009-07-19 19:13 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-19 19:11 376,320 a------- c:\windows\system32\winsrv.dll
2009-07-19 19:11 49,664 a------- c:\windows\system32\csrsrv.dll
2009-07-19 19:08 376,832 a------- c:\windows\system32\winhttp.dll
2009-07-19 19:06 297,472 a------- c:\windows\system32\gdi32.dll
2009-07-19 19:03 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-07-19 19:02 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-07-19 19:02 30,208 a------- c:\windows\system32\xolehlp.dll
2009-07-19 19:00 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-07-19 18:59 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-07-19 18:59 2,048 a------- c:\windows\system32\msxml3r.dll
2009-07-19 18:58 414,208 a------- c:\windows\system32\msscp.dll
2009-07-19 18:57 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-07-19 18:56 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-07-19 18:56 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-07-19 18:56 86,016 a------- c:\windows\system32\icfupgd.dll
2009-07-19 18:56 61,952 a------- c:\windows\system32\cmifw.dll
2009-07-19 18:56 16,896 a------- c:\windows\system32\wfapigp.dll
2009-07-19 18:56 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-07-19 18:50 696,832 a------- c:\windows\system32\localspl.dll
2009-07-19 18:46 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-07-19 18:45 2,923,520 a------- c:\windows\explorer.exe
2009-07-19 18:43 166,912 a------- c:\windows\system32\lpksetup.exe
2009-07-19 18:43 25,600 a------- c:\windows\system32\LangCleanupSysprepAction.dll
2009-07-19 18:43 23,552 a------- c:\windows\system32\lpremove.exe
2009-07-19 18:43 10,240 a------- c:\windows\system32\MUILanguageCleanup.dll
2009-07-19 18:43 8,704 a------- c:\windows\system32\hcrstco.dll
2009-07-19 18:43 8,704 a------- c:\windows\system32\hccoin.dll
2009-07-19 18:41 24,064 a------- c:\windows\system32\netcfg.exe
2009-07-19 18:39 9,892,864 a------- c:\windows\system32\NlsLexicons000a.dll
2009-07-19 18:37 181,760 a------- c:\windows\system32\fsquirt.exe
2009-07-19 18:37 4,152,184 a------- c:\windows\system32\wgaer_m.exe
2009-07-19 18:35 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-19 18:35 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-07-19 18:35 549,888 a------- c:\windows\system32\rpcss.dll
2009-07-19 18:34 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-07-19 18:34 130,560 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-07-19 18:34 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-07-19 18:34 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-07-19 18:34 501,760 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-07-19 18:34 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2009-07-19 18:34 53,248 a------- c:\windows\system32\iasads.dll
2009-07-19 18:34 158,720 a------- c:\windows\system32\sdohlp.dll
2009-07-19 18:34 97,280 a------- c:\windows\system32\iasrecst.dll
2009-07-19 18:34 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-07-19 18:32 223,232 a------- c:\windows\system32\WMASF.DLL
2009-07-19 18:32 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-07-19 18:32 2,048 a------- c:\windows\system32\asferror.dll
2009-07-19 18:31 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-07-19 18:31 25,600 a------- c:\windows\system32\amxread.dll
2009-07-19 18:31:33 A------- 14,848 c:\windows\system32\apilogen.dll
2006-11-22 07:58 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:40:31.75 ===============

Re: no idea but virus on laptop help

Post by Belahzur on Fri Sep 25, 2009 6:40 pm

Hello.
Delete this folder in bold if it exists.

C:\ProgramData\gav

How is the machine running now?

