no idea but virus on laptop help

Here's the logfile, ty in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:52 PM, on 8/28/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\gav\gav.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJX916KM\winlogon[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [67569387646557683] C:\ProgramData\gav\wer.bat
O4 - HKCU\..\Run: [23094848483939484] C:\ProgramData\gav\mgrdll.exe
O4 - HKCU\..\Run: [21098746521098765] C:\ProgramData\gav\gav.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5060 bytes

Re: no idea but virus on laptop help

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
    O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
    O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
    O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
    O1 - Hosts: 208.43.47.212 reviews.download.com
    O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
    O1 - Hosts: 208.43.47.212 reviews.pcmag.com
    O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
    O1 - Hosts: 208.43.47.212 reviews.techradar.com
    O1 - Hosts: 208.43.47.212 toptenreviews.com
    O1 - Hosts: 208.43.47.212 www.reevoo.com
    O1 - Hosts: ::1 localhost
    O4 - HKCU\..\Run: [67569387646557683] C:\ProgramData\gav\wer.bat
    O4 - HKCU\..\Run: [23094848483939484] C:\ProgramData\gav\mgrdll.exe
    O4 - HKCU\..\Run: [21098746521098765] C:\ProgramData\gav\gav.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: no idea but virus on laptop help

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 6.0.6000

9/24/2009 11:48:15 PM
mbam-log-2009-09-24 (23-48-15).txt

Scan type: Quick Scan
Objects scanned: 84314
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\wsdt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\gav\wer.bat (Rogue.GreenAV) -> Quarantined and deleted successfully.

Re: no idea but virus on laptop help

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.

Re: no idea but virus on laptop help

DDS (Ver_09-09-24.01) - NTFSx86
Run by Sarah at 10:39:18.06 on Fri 09/25/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3070.2195 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1351 [VPS 090924-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0C1GCHC\dds[1].scr

============== Pseudo HJT Report ===============

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-28 53328]

=============== Created Last 30 ================

2009-09-24 23:42 --d----- c:\users\sarah\appdata\roaming\Malwarebytes
2009-09-24 23:42 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 23:42 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-24 23:42 --d----- c:\programdata\Malwarebytes
2009-09-24 23:42 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 23:42 --d----- c:\progra~2\Malwarebytes
2009-09-10 21:14 494,592 a------- c:\windows\system32\kerberos.dll
2009-09-10 21:14 216,576 a------- c:\windows\system32\msv1_0.dll
2009-09-10 21:14 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-10 21:14 1,233,920 a------- c:\windows\system32\lsasrv.dll
2009-09-10 21:14 408,136 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-10 21:14 272,384 a------- c:\windows\system32\schannel.dll
2009-09-10 21:14 72,704 a------- c:\windows\system32\secur32.dll
2009-09-10 21:14 7,680 a------- c:\windows\system32\lsass.exe
2009-09-10 20:51 118 a------- c:\windows\system32\MRT.INI
2009-09-08 13:02 1,657,350 a------- c:\windows\system32\wlan.tmf
2009-09-02 15:58 1,686,528 a------- c:\windows\system32\gameux.dll
2009-09-02 15:58 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 15:58 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 11:47 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-08-28 11:47 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-08-28 11:47 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-08-28 11:47 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-28 11:30 2,048 a------- c:\windows\system32\tzres.dll

============= FINISH: 10:40:31.75 ===============

Re: no idea but virus on laptop help

Hello.
Delete this folder in bold if it exists.

C:\ProgramData\gav

How is the machine running now?
