My laptop is badly infected with virus..

Post by priya1984 on 7th January 2010, 10:40 pm

Please help me sir! My laptop is badly infected with virus!

priya1984
Intermediate

Posts: 153
Joined: 2009-02-10
Gender: Male
OS: Windows XP Professional
Points: 29823
# Likes: 0


Re: My laptop is badly infected with virus..

Post by priya1984 on 7th January 2010, 10:48 pm

And I'm unable to run the Anti Malware bytes program...
I tried running my McAfee antivirus... that too I'm unable to run.
The viruses that have affected my system are windows defender and antivirus live....

Please help me................please


Re: My laptop is badly infected with virus..

Post by Belahzur on 7th January 2010, 11:25 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
# Likes: 1


Re: My laptop is badly infected with virus..

Post by priya1984 on 7th January 2010, 11:31 pm

I'm able to download it Sir. But unable to run it. When I try to run it, the virus in my laptop prompts me saying that it is an infected file.. and asks to activate the fraud antivirus... and tries to redirect me to a web page.


Re: My laptop is badly infected with virus..

Post by priya1984 on 7th January 2010, 11:40 pm

Similarly, I tried opening "add or remove programs", that too did not open saying that particular exe file is infected and wants me to install an antivirus to clean it up.
My laptop is totally screwed.......please help me


Last edited by priya1984 on 8th January 2010, 12:09 am; edited 1 time in total


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 12:02 am

Please stop posting one post after another, I know you have problems, just give me some time to get online.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 12:06 am

I'm extremely sorry Sir. I was just very scared since I have a lot of important data in my laptop. I won't do it again..


Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 12:08 am

I'm unable to extract it sir. The same thing is happening as mentioned before. I was just able to download it to my desktop.. that's all


Last edited by priya1984 on 8th January 2010, 12:11 am; edited 1 time in total


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 12:09 am

Better back the important data up then, even if I can fix this and no problems remain, it's always helpful to have more than one copy of your data hanging around, either on the internal HDD, external HDD, CD/DVD, etc.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the second option, to run Windows in Safe Mode with networking, then press Enter.
  • Choose your usual account.

Try Hijack This in Safe Mode.



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 12:17 am

Unfortunately I'm unable to do this either. When I select the option under advanced menu, I get a screen and then it tells me that there is some problem so it cannot go to safe mode and the system boots normally.
I mean to say that, it says it has detected some problem and asks me to remove it.


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 12:19 am

Okay, try this in normal mode.

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 12:25 am

Sir, I'm trying to tell you that I'm unable to launch any application. I saved it as per your instructions and then double clicked it too. I saw a small thing which looked like it was initialising... but then it disappeared and then the usual prompt came that was coming while I tried opening earlier applications as mentioned to you above.


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 12:31 am

I still have hopes in IceSword. I uploaded a non-zipped copy here:
[You must be registered and logged in to see this link.]

Choose to download as a free user, and hit the big blue button to download it.

Try running it more than once, IceSword has a neat little renaming trick it does to by-pass this malware.



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 1:00 am

Finally I was able to open it. Let me know what you want me to do.


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 1:00 am

There we go, IceSword pulls through once again.

  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 1:07 am

I named it and saved it on the desktop. But now I'm unable to open it to copy paste the info for you.


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 1:09 am

Can you transfer the logs over to another machine via USB and post the logs from there?



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 1:10 am

If I do that, the other machine will be affected. Correct me if I'm wrong.


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 1:12 am

Not really, I don't think this machine has autorun abilities, and the text files can't really be infected, they aren't executable type files and are simple text files.



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 4:46 pm

Good Morning Sir!

Sorry for disappearing suddenly yesterday without informing. Actually the internet connection screwed up and then my husband took control of the lappy. He ran the combo fix with care and now it looks that the system is clean.
But I'm still worried that patches of those files may still be hovering around and I may or may not get some issues in my laptop later.
Do you suggest anything to be done by me now just to double check?

TIA
Priya


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 5:35 pm

Can you post me the Combofix log?



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 5:55 pm

I'm not sure if this is the one. But this is all I have dated yesterday evening.

ComboFix 10-01-04.01 - Saravanan 01/07/2010 20:25:15.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.576 [GMT -7:00]
Running from: c:\documents and settings\Saravanan\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\SARAVA~1\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\Saravanan\Local Settings\Application Data\qcbenc
c:\documents and settings\Saravanan\Local Settings\Application Data\qcbenc\wmcosysguard.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\EventSystem.log
c:\windows\system32\drivers\H8SRTtecyvbamrk.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\H8SRTdcgkkfswik.dll
c:\windows\system32\H8SRTenjgopxngj.dll
c:\windows\system32\H8SRTrveduhivpc.dll
c:\windows\system32\H8SRTudihclcgws.dat
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\TEMP\logishrd\LVPrcInj03.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-07 21:53 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:53 . 2010-01-07 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 21:53 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:46 . 2010-01-07 14:47 -------- d-----w- c:\documents and settings\Saravanan\Local Settings\Application Data\Move Networks
2009-12-28 06:27 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-28 06:26 . 2009-12-28 06:28 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-28 06:26 . 2009-12-28 06:27 -------- d-----w- c:\program files\McAfee.com
2009-12-28 06:04 . 2009-12-28 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-12-28 05:57 . 2009-12-28 05:57 -------- d-----w- c:\program files\Citrix
2009-12-28 05:57 . 2009-12-28 05:57 -------- d-----w- c:\documents and settings\Saravanan\Local Settings\Application Data\Citrix
2009-12-28 05:36 . 2010-01-07 23:11 -------- d-----w- c:\program files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 03:37 . 2007-04-16 18:06 -------- d-----w- c:\program files\C4ebreg
2009-12-31 04:46 . 2009-12-01 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-12-28 06:37 . 2006-08-20 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-23 23:53 . 2009-03-27 17:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-11 16:22 . 2005-09-10 08:01 35184 ----a-w- c:\documents and settings\Saravanan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 02:28 . 2009-12-01 02:18 -------- d-----w- c:\documents and settings\Saravanan\Application Data\Canon
2009-12-01 02:19 . 2009-12-01 02:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan
2009-12-01 02:05 . 2009-12-01 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2009-12-01 02:05 . 2009-12-01 02:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2009-12-01 01:59 . 2009-12-01 01:49 -------- d-----w- c:\program files\Canon
2009-12-01 01:57 . 2009-12-01 01:57 -------- d-----w- c:\program files\ArcSoft
2009-12-01 01:57 . 2005-08-26 03:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 01:52 . 2009-12-01 01:52 -------- d--h--w- c:\program files\CanonBJ
2009-11-25 21:43 . 2009-05-16 02:55 -------- d-----w- c:\documents and settings\Saravanan\Application Data\BSplayer
2009-11-22 14:09 . 2009-11-22 14:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-16 03:00 . 2009-11-16 02:21 -------- d-----w- c:\program files\Linksys
2009-11-16 02:52 . 2009-11-16 02:15 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-11-16 02:16 . 2009-11-16 02:16 -------- d-----w- c:\program files\WebEx
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2009-11-16 02:09 . 2009-11-11 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-04 23:54 . 2009-03-26 19:35 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 23:54 . 2009-03-26 19:35 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 23:54 . 2009-03-26 19:35 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 23:54 . 2009-01-17 03:04 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 07:46 . 1980-01-01 07:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-07-13 20:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-21 05:38 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 1980-01-01 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-03-26 20:38 . 2009-03-26 20:38 812344 ----a-w- c:\program files\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-28 133104]
"cdloader"="c:\documents and settings\Saravanan\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks"="TpShocks.exe" [2005-01-24 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-12 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-12 344064]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 135168]
"C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2007-09-07 364544]
"Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2007-09-07 237568]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-10 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 10:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2009-10-08 19:13 818288 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-15 01:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-15 01:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 01:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-10 10:39 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 18:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ThinkPad\\PkgMgr\\HOTKEY\\TPONSCR.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\QCWLICON.EXE"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Saravanan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2009 11:59 AM 64160]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [8/25/2005 8:49 PM 14208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/27/2009 11:35 PM 93320]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [8/25/2005 8:49 PM 6016]
S3 artour;IBM Mobility Interface for Windows;c:\windows\system32\drivers\artndint.sys [7/3/2007 8:44 AM 7760]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [8/25/2005 9:13 PM 12288]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-10-29 07:46 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2889736847-2434749414-4043246188-1005Core.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-28 17:20]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2889736847-2434749414-4043246188-1005UA.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-28 17:20]

2009-12-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-28 19:22]

2009-12-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-28 19:22]
.
.

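One way to double-check a ComboFix log like the one posted in this thread, as an added example (not part of any post and not ComboFix's own code): the Python below walks the log's registry blocks and supplementary-scan lines and lists settings worth confirming after a cleanup. The rule names and the `triage` and `reg_number` functions are hypothetical, the sample lines are copied from the log in this thread, and each hit is a prompt to review, not a verdict (a third-party firewall or updater can legitimately produce some of them).

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Saravanan\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
'''

# Hypothetical rule names mapped to the reason a reviewer would look at the line.
RULES = {
    "av-outdated": "resident antivirus reports outdated definitions",
    "run-from-profile": "autostart entry launches a file from a user-writable profile folder",
    "security-center-monitoring-off": "Security Center is told not to monitor this product",
    "firewall-off": "Windows Firewall standard profile is disabled",
    "loopback-proxy": "browser traffic is sent to a proxy on this same machine",
}

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                  # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "name"=data
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)$')
LOOPBACK_RE = re.compile(r'(?:^|=)(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?$', re.I)
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def reg_number(data):
    """Return the integer in 'dword:00000001' or '0 (0x0)' style data, else None."""
    data = data.strip()
    m = re.fullmatch(r'dword:([0-9a-f]{1,8})', data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\b', data)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return a list of (rule, detail) pairs for lines that deserve a second look."""
    findings = []
    key = ""  # lower-cased registry key of the block currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if line.startswith("AV:") and "(outdated)" in line.lower():
            findings.append(("av-outdated", line))
            continue
        m = PROXY_RE.match(line)
        if m:
            # The value can hold several 'scheme=host:port' parts separated by ';'.
            if any(LOOPBACK_RE.search(p) for p in m.group("proxy").split(";")):
                findings.append(("loopback-proxy", m.group("proxy")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name").lower(), m.group("data")
        if key.endswith("\\currentversion\\run"):
            target = re.match(r'"([^"]*)"', data)
            if target and any(d in target.group(1).lower() for d in PROFILE_DIRS):
                findings.append(("run-from-profile",
                                 f'{m.group("name")} -> {target.group(1)}'))
        elif name == "disablemonitoring" and "security center\\monitoring" in key:
            if reg_number(data):
                findings.append(("security-center-monitoring-off", key))
        elif name == "enablefirewall" and "firewallpolicy" in key:
            if reg_number(data) == 0:
                findings.append(("firewall-off", key))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[review] {rule}: {RULES[rule]}\n         {detail}")
```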

Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 5:55 pm

------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - [You must be registered and logged in to see this link.]
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - [You must be registered and logged in to see this link.]
DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} - [You must be registered and logged in to see this link.]
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Saravanan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
HKCU-Run-vtshnivs - c:\documents and settings\Saravanan\Local Settings\Application Data\qcbenc\wmcosysguard.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-Move Media Player - c:\documents and settings\Saravanan\Application Data\Move Networks\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-07 20:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\Bluetooth Software\bin\btwdins.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\System32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\mcafee\msc\mcshell.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2010-01-07 21:05:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 04:05

Pre-Run: 17,540,608,000 bytes free
Post-Run: 17,788,448,768 bytes free

- - End Of File - - 82D57B5084BA993E5C08296FBBF46EEF


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 6:00 pm

Looks good, just some leftovers to remove.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uStart Page = about:blank
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
    uSearchAssistant =

    Firefox::
    FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\
    FF - prefs.js: browser.startup.homepage - about:blank

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 7:43 pm

ComboFix 10-01-04.01 - Saravanan 01/08/2010 12:01:34.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.425 [GMT -7:00]
Running from: c:\documents and settings\Saravanan\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Saravanan\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 18:43 . 2010-01-08 18:44 -------- d-----w- C:\Combo-Fix
2010-01-07 21:53 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:53 . 2010-01-07 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 21:53 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:46 . 2010-01-07 14:47 -------- d-----w- c:\documents and settings\Saravanan\Local Settings\Application Data\Move Networks
2009-12-28 06:27 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-28 06:26 . 2009-12-28 06:28 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-28 06:26 . 2009-12-28 06:27 -------- d-----w- c:\program files\McAfee.com
2009-12-28 06:04 . 2009-12-28 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-12-28 05:57 . 2009-12-28 05:57 -------- d-----w- c:\program files\Citrix
2009-12-28 05:57 . 2009-12-28 05:57 -------- d-----w- c:\documents and settings\Saravanan\Local Settings\Application Data\Citrix
2009-12-28 05:36 . 2010-01-07 23:11 -------- d-----w- c:\program files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 19:14 . 2007-04-16 18:06 -------- d-----w- c:\program files\C4ebreg
2010-01-05 18:33 . 2010-01-06 17:03 52224 ----a-w- c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-01-05 18:33 . 2010-01-06 17:03 101376 ----a-w- c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2009-12-31 04:46 . 2009-12-01 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-12-28 06:37 . 2006-08-20 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-23 23:53 . 2009-03-27 17:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-11 16:22 . 2005-09-10 08:01 35184 ----a-w- c:\documents and settings\Saravanan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 17:03 . 2009-12-04 17:03 251376 ----a-w- c:\documents and settings\Saravanan\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-01 02:28 . 2009-12-01 02:18 -------- d-----w- c:\documents and settings\Saravanan\Application Data\Canon
2009-12-01 02:19 . 2009-12-01 02:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan
2009-12-01 02:05 . 2009-12-01 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2009-12-01 02:05 . 2009-12-01 02:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2009-12-01 01:59 . 2009-12-01 01:49 -------- d-----w- c:\program files\Canon
2009-12-01 01:57 . 2009-12-01 01:57 -------- d-----w- c:\program files\ArcSoft
2009-12-01 01:57 . 2005-08-26 03:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 01:52 . 2009-12-01 01:52 -------- d--h--w- c:\program files\CanonBJ
2009-11-25 21:43 . 2009-05-16 02:55 -------- d-----w- c:\documents and settings\Saravanan\Application Data\BSplayer
2009-11-22 14:09 . 2009-11-22 14:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-16 03:00 . 2009-11-16 02:21 -------- d-----w- c:\program files\Linksys
2009-11-16 02:52 . 2009-11-16 02:15 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-11-16 02:16 . 2009-11-16 02:16 -------- d-----w- c:\program files\WebEx
2009-11-16 02:15 . 2009-11-16 02:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2009-11-16 02:09 . 2009-11-11 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-04 23:54 . 2009-03-26 19:35 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 23:54 . 2009-03-26 19:35 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 23:54 . 2009-03-26 19:35 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 23:54 . 2009-01-17 03:04 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 07:46 . 1980-01-01 07:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-07-13 20:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-21 05:38 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 1980-01-01 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-03-26 20:38 . 2009-03-26 20:38 812344 ----a-w- c:\program files\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-28 133104]
"cdloader"="c:\documents and settings\Saravanan\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks"="TpShocks.exe" [2005-01-24 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-12 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-12 344064]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 135168]
"C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2007-09-07 364544]
"Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2007-09-07 237568]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-10 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 10:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2009-10-08 19:13 818288 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-15 01:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-15 01:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 01:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-10 10:39 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 18:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ThinkPad\\PkgMgr\\HOTKEY\\TPONSCR.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\QCWLICON.EXE"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Saravanan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2009 11:59 AM 64160]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [8/25/2005 8:49 PM 14208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/27/2009 11:35 PM 93320]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [8/25/2005 8:49 PM 6016]
S3 artour;IBM Mobility Interface for Windows;c:\windows\system32\drivers\artndint.sys [7/3/2007 8:44 AM 7760]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [8/25/2005 9:13 PM 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-10-29 07:46 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2889736847-2434749414-4043246188-1005Core.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-28 17:20]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2889736847-2434749414-4043246188-1005UA.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-28 17:20]

2009-12-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-28 19:22]

2009-12-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-28 19:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - [You must be registered and logged in to see this link.]
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - [You must be registered and logged in to see this link.]
DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} - [You must be registered and logged in to see this link.]
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Saravanan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-08 12:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(7132)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\Bluetooth Software\bin\btwdins.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\System32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-08 12:26:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 19:26
ComboFix2.txt 2010-01-08 04:05

Pre-Run: 17,751,044,096 bytes free
Post-Run: 17,775,968,256 bytes free

- - End Of File - - 56B4C1639779E0B66E50BE4140182372

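One way to check a follow-up log against the CFScript, as an added example that is not part of the original posts or of ComboFix: it parses the Supplementary Scan section of both logs, reports which lines named in the CFScript are gone, and flags any IE ProxyServer entry that points at a loopback address. The excerpts are trimmed copies of the logs in this thread; the function names are this example's own.

```python
import ipaddress

# Constructed excerpts: lines copied from the two ComboFix logs and the
# CFScript posted in this thread, trimmed to the entries that matter here.
LOG_BEFORE = r"""
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant =
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - about:blank
.
------- File Associations -------
"""

LOG_AFTER = r"""
------- Supplementary Scan -------
.
uSearchAssistant =
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\
FF - prefs.js: browser.search.selectedEngine - Winamp Search
.
**************************************************************************
"""

CFSCRIPT = r"""
DDS::
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant =

Firefox::
FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\
FF - prefs.js: browser.startup.homepage - about:blank
"""

SECTION_HEADER = "------- Supplementary Scan -------"


def supplementary_entries(log_text):
    """Return the entry lines of the 'Supplementary Scan' section, in order."""
    entries, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            inside = True
            continue
        if not inside:
            continue
        # The section ends at the next section header or the asterisk rule.
        if line.startswith("-------") or line.startswith("***"):
            break
        if line and line != ".":  # "." lines are separators in the log
            entries.append(line)
    return entries


def cfscript_directives(script_text):
    """Map each 'Name::' section of a CFScript to the lines listed under it."""
    sections, current = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def loopback_proxies(entries):
    """Find ProxyServer entries whose proxy host is a loopback address."""
    hits = []
    for entry in entries:
        key, sep, value = entry.partition("=")
        if not sep or not key.strip().endswith(",ProxyServer"):
            continue
        # The value is "host:port" or "proto=host:port;proto=host:port".
        for part in value.strip().split(";"):
            target = part.split("=", 1)[-1].strip()
            host, colon, port = target.rpartition(":")
            if not colon:
                host, port = target, ""
            try:
                is_loop = ipaddress.ip_address(host).is_loopback
            except ValueError:
                is_loop = host.lower() == "localhost"
            if is_loop:
                hits.append((key.strip(), host, int(port) if port.isdigit() else None))
    return hits


def verify_cfscript(script_text, before_log, after_log):
    """Report, per CFScript line, whether the follow-up log still lists it."""
    before = set(supplementary_entries(before_log))
    after = set(supplementary_entries(after_log))
    report = {}
    for lines in cfscript_directives(script_text).values():
        for line in lines:
            if line in after:
                report[line] = "still listed"
            elif line in before:
                report[line] = "removed"
            else:
                report[line] = "not in first log"
    return report


if __name__ == "__main__":
    for line, status in verify_cfscript(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f"{status:16} {line}")
    print("loopback proxy after fix:", loopback_proxies(supplementary_entries(LOG_AFTER)))
```

On the thread's logs this reports the proxy, proxy-override and start-page lines as removed, while `uSearchAssistant =` and the Firefox `ProfilePath` line are still listed in the second log.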

Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 7:47 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 8:23 pm

The laptop restarted saying some parasite is trying to attach itself to combo fix.
The lappy restarted and now things seem to be fine..
Thanks a lot Sir. Your help is very much appreciated. Thanks again...


Re: My laptop is badly infected with virus..

Post by Belahzur on 8th January 2010, 8:26 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: My laptop is badly infected with virus..

Post by priya1984 on 8th January 2010, 8:59 pm

Thanks. Shall do it..
