System Security Virus

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

System Security Virus2nd July 2009, 5:07 am

I am hoping somebody can help. I have a virus (system security) that I cannot remove. I can no longer get online with my laptop or open any programs. I have followed the instructions on how to remove it with malwarebytes anti malware and it does not work, it is still there after I complete everything and restart the computer. Any help would be great.

Re: System Security Virus2nd July 2009, 9:34 am

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Re: System Security Virus2nd July 2009, 5:53 pm

Well I ended up getting rid of the virus but now I have a new problem. When I had the virus I could not get online at all. No matter what. I could not even open any windows or anything. The virus is gone so I can open windows and what not but I cant get online now. I looked at my drivers and they are all messed up. The modem driver, network adapters, and sound, video, game controllers are all damaged. I do not know how to fix them......especially since I do not have the recovery disk and I cant go online with the comp. Any sugesstions?

Re: System Security Virus2nd July 2009, 5:56 pm

The virus is probably still there, are you able to run HijackThis?

Re: System Security Virus2nd July 2009, 5:59 pm

No cause I cant go online to download it.

Re: System Security Virus2nd July 2009, 6:00 pm

My modem driver is messed up.

Re: System Security Virus2nd July 2009, 6:01 pm

I see, are you able to download anything from another computer to transfer it to the infected one?

Re: System Security Virus2nd July 2009, 6:03 pm

Yea I could do that...did not think of that. Would it work if I downloaded it to a external drive? And if I uninstalled the driver could I reinstall it without a disk? Sorry if its a dumb question, I am not that good with computers.

Re: System Security Virus2nd July 2009, 6:07 pm

Yes you can, you can reinstall it without a disk if you have the driver itself. Please download HijackThis from your non infected computer and transfer it to the infected one.

Re: System Security Virus2nd July 2009, 7:11 pm

Ok, I got back online....downloaded the program recommended. And anytime I open it instantly closes.

Re: System Security Virus2nd July 2009, 7:15 pm

can you rename HijackThis to something like flowers.exe and then see if it runs?

Re: System Security Virus2nd July 2009, 7:25 pm

Does not work....I renamed the desktop installer and it did the same thing.

Re: System Security Virus2nd July 2009, 7:31 pm

I see, please do the following:

Please download Ice Sword from HERE

Download the zip to your desktop and extract it.
Open the Ice Sword folder and then launch IceSword.exe.
Then look in the left hand bottom of the program and press "Registry"
When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\fake-key
Once you find that key, right click the key and press "Delete"
Okay the prompt and close IceSword.

Re: System Security Virus2nd July 2009, 7:46 pm

When I open up the windows folder there is no fake-key.....all I have under windows is CurrentVersion, help, HTML Help, ITStorage, Shell

Re: System Security Virus2nd July 2009, 7:49 pm

I see, instead of that registry key, please check this one:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Re: System Security Virus2nd July 2009, 7:51 pm

Under Run the folder listed is OptionalComponents....in that is IMAIL, MAPI and MSFS.....what do I do or delete from here?

Re: System Security Virus2nd July 2009, 7:56 pm

If you do not see any random number ending with .exe do NOT delete anything, we need to try a different approach:

Please download MGTools from here:

http://forums.majorgeeks.com/chaslang/files/MGtools.exe

Once downloaded, follow the instructions on this page:

http://forums.majorgeeks.com/showthread.php?t=137630

Once you have fully installed MGTools, there will be a folder created in your C:\ drive, should be C:\MGTools, go to that folder and look for a file called Analyze.exe, that file should be HijackThis, Now do a system scan and save a log file, once you have the log, post all the contents of the log back here.

Re: System Security Virus2nd July 2009, 7:59 pm

I cant open the first link....it says....Error 403! /chaslang/files/MGtools.exe Forbidden!

Re: System Security Virus2nd July 2009, 8:06 pm

There's a referal check on MG, so use the second link to the thread and download via the link there.

Re: System Security Virus2nd July 2009, 8:08 pm

Or you can download it from here Cheesy Grin (sparkly

http://rapidshare.com/files/251178899/MGtools.exe

Re: System Security Virus2nd July 2009, 8:20 pm

Ok I was able to open that link.....I have to leave for work now so I will have to follow the instructions and all of that tomorrow. Thanks for your help and I will post again when I finished with the next steps.....thanks again for all your help.

Re: System Security Virus3rd July 2009, 6:22 am

I followed all the instructions and now when I open analyze.exe it opens for a second then disapears on me.

Re: System Security Virus3rd July 2009, 3:45 pm

Hello.
Rename the file from Analyze.exe to winlogon.exe and see if it will run.

Re: System Security Virus3rd July 2009, 10:30 pm

Here is the log file.....also on a side note I can only start my comp. in safe mode...windows will not start otherwise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:57 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\MGtools\winlogon.exe
C:\WINDOWS\fonts\services.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\msjcm.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msrflpxe.exe
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mssvg.exe
O4 - HKUS\S-1-5-19\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179511465796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\DOCUME~1\KARAHU~1\LOCALS~1\Temp\6906000126mxx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: bcefbffcac - C:\WINDOWS\system32\bcefbffcac.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9390 bytes

Re: System Security Virus4th July 2009, 2:10 pm

Hello.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

F3 - REG:win.ini: load=C:\WINDOWS\system32\msjcm.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msrflpxe.exe
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mssvg.exe
O4 - HKUS\S-1-5-19\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [butumidepi] Rundll32.exe "C:\WINDOWS\system32\peyumupo.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\DOCUME~1\KARAHU~1\LOCALS~1\Temp\6906000126mxx.dll
O20 - Winlogon Notify: bcefbffcac - C:\WINDOWS\system32\bcefbffcac.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: System Security Virus4th July 2009, 10:14 pm

Some of those things that I am supposed to check have changed slightly... example....
F3 - REG:win.ini: load=C:\WINDOWS\system32\msjcm.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msrflpxe.exe

is now showing

F3 - REG:win.ini: load=C:\WINDOWS\system32\msjwler.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msjula.exe

There are also a few others......Do I check these and fix those? I have not done anything yet and will not do so until you let me know as to not create a new problem.

Re: System Security Virus4th July 2009, 10:47 pm

Okay, fix the changed items, doesn't matter what they called, they need to go.

Re: System Security Virus4th July 2009, 11:17 pm

Ok I downloaded the MBAM and when I open it up to install it I choose English then it instantly closes on me.

Re: System Security Virus4th July 2009, 11:46 pm

I already have it installed I just realized already.....When I open that up even and try to update it it says it will close and install the latest version. As soon as it starts to install it closes.

Re: System Security Virus5th July 2009, 7:15 pm

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: System Security Virus5th July 2009, 10:56 pm

I cant disable anything....it wont let me. I even tried totally uninstalling AVG and it wont let me. I dont think it is even running. I will follow the rest of the steps and post the log

Re: System Security Virus5th July 2009, 11:02 pm

AVG is running it said. How can I turn it off. I can only start my comp in safe mode, it is not showing in the task bar.

Re: System Security Virus6th July 2009, 2:03 pm

Okay, just run Combofix as normal anyway, even if it says AVG is active.

Re: System Security Virus6th July 2009, 5:51 pm

I will need to post it in a few post the log is too big
.

Re: System Security Virus6th July 2009, 5:52 pm

ComboFix 09-07-05.04 - Administrator 07/06/2009 13:24.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.808 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-2067553298
c:\documents and settings\All Users\Application Data\18887184
c:\documents and settings\All Users\Application Data\18887184\18887184
c:\documents and settings\All Users\Application Data\18887184\18887184.exe
c:\documents and settings\Kara Hudon\Application Data\wiaserva.log
c:\documents and settings\Kara Hudon\Application Data\wiaservg.log
C:\dvl.dll
C:\dvs.dll
c:\windows\010112010146118114.dat
c:\windows\kb913800.exe
c:\windows\ld11.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\abc2
c:\windows\system32\bcefbffcac.dll
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\hjgruimqlrsvpt.sys
c:\windows\system32\ex1
c:\windows\system32\hjgruialbabybj.dll
c:\windows\system32\hjgruihymsddyy.dat
c:\windows\system32\hjgruivxgulrwl.dat
c:\windows\system32\hjgruixiqhxngf.dll
c:\windows\system32\ineWc01
c:\windows\system32\ipd1
c:\windows\system32\mscesh.exe
c:\windows\system32\mscfo.exe
c:\windows\system32\mschs.exe
c:\windows\system32\mscijaz.exe
c:\windows\system32\mscjmijv.exe
c:\windows\system32\msclosdv.exe
c:\windows\system32\msclts.exe
c:\windows\system32\mscmjke.exe
c:\windows\system32\mscmrxr.exe
c:\windows\system32\mscnd.exe
c:\windows\system32\mscnuysa.exe
c:\windows\system32\mscpez.exe
c:\windows\system32\mscpoeps.exe
c:\windows\system32\msctesm.exe
c:\windows\system32\mscuq.exe
c:\windows\system32\mscxa.exe
c:\windows\system32\mscxd.exe
c:\windows\system32\msczwf.exe
c:\windows\system32\msdbg.exe
c:\windows\system32\msdbheq.exe
c:\windows\system32\msdcuoh.exe
c:\windows\system32\msdcuqh.exe
c:\windows\system32\msddi.exe
c:\windows\system32\msddkp.exe
c:\windows\system32\msdebwej.exe
c:\windows\system32\msdfa.exe
c:\windows\system32\msdfbyyc.exe
c:\windows\system32\msdglkc.exe
c:\windows\system32\msdgw.exe
c:\windows\system32\msdhl.exe
c:\windows\system32\msdhpcsb.exe
c:\windows\system32\msdhvaj.exe
c:\windows\system32\msdjbk.exe
c:\windows\system32\msdjefzt.exe
c:\windows\system32\msdkraax.exe
c:\windows\system32\msdlbf.exe
c:\windows\system32\msdlgo.exe
c:\windows\system32\msdowvf.exe
c:\windows\system32\msdpygw.exe
c:\windows\system32\msdqalr.exe
c:\windows\system32\msdsshqm.exe
c:\windows\system32\msdtufxr.exe
c:\windows\system32\msdvirt.exe
c:\windows\system32\msdvkzrx.exe
c:\windows\system32\msdvq.exe
c:\windows\system32\msdvumml.exe
c:\windows\system32\msdwob.exe
c:\windows\system32\msdyn.exe
c:\windows\system32\msdynp.exe
c:\windows\system32\msdznhsk.exe
c:\windows\system32\mseajytk.exe
c:\windows\system32\msebquuq.exe
c:\windows\system32\msecj.exe
c:\windows\system32\mseflqpu.exe
c:\windows\system32\msefywp.exe
c:\windows\system32\msegnq.exe
c:\windows\system32\msegq.exe
c:\windows\system32\msehc.exe
c:\windows\system32\msehdrx.exe
c:\windows\system32\mseitsk.exe
c:\windows\system32\mseizk.exe
c:\windows\system32\msekf.exe
c:\windows\system32\mseknmoq.exe
c:\windows\system32\msemh.exe
c:\windows\system32\mseobkv.exe
c:\windows\system32\mseotpr.exe
c:\windows\system32\msepe.exe
c:\windows\system32\mseqxw.exe
c:\windows\system32\msewtz.exe
c:\windows\system32\msewuc.exe
c:\windows\system32\msewuvno.exe
c:\windows\system32\msexyhf.exe
c:\windows\system32\mseye.exe
c:\windows\system32\mseyf.exe
c:\windows\system32\msezck.exe
c:\windows\system32\msezxtfg.exe
c:\windows\system32\msfainy.exe
c:\windows\system32\msfaisfr.exe
c:\windows\system32\msfal.exe
c:\windows\system32\msfao.exe
c:\windows\system32\msfazmn.exe
c:\windows\system32\msfdahqg.exe
c:\windows\system32\msfejzc.exe
c:\windows\system32\msffje.exe
c:\windows\system32\msfgdo.exe
c:\windows\system32\msfgiv.exe
c:\windows\system32\msfha.exe
c:\windows\system32\msfhji.exe
c:\windows\system32\msfiqth.exe
c:\windows\system32\msfiwvz.exe
c:\windows\system32\msfjaph.exe
c:\windows\system32\msfkcd.exe
c:\windows\system32\msfkdi.exe
c:\windows\system32\msfky.exe
c:\windows\system32\msflvhbj.exe
c:\windows\system32\msfnqqft.exe
c:\windows\system32\msfpevug.exe
c:\windows\system32\msfpfn.exe
c:\windows\system32\msfpg.exe
c:\windows\system32\msfpswqk.exe
c:\windows\system32\msfqqgc.exe
c:\windows\system32\msfqtaf.exe
c:\windows\system32\msfqu.exe
c:\windows\system32\msfqvx.exe
c:\windows\system32\msfqxd.exe
c:\windows\system32\msfrt.exe
c:\windows\system32\msfsob.exe
c:\windows\system32\msfteqv.exe
c:\windows\system32\msftkh.exe
c:\windows\system32\msfvq.exe
c:\windows\system32\msfvtpg.exe
c:\windows\system32\msfvvxg.exe
c:\windows\system32\msfwkce.exe
c:\windows\system32\msfwn.exe
c:\windows\system32\msfxcfu.exe
c:\windows\system32\msfxjb.exe
c:\windows\system32\msfxjw.exe
c:\windows\system32\msfyqz.exe
c:\windows\system32\msfyvcfq.exe
c:\windows\system32\msfzutqz.exe
c:\windows\system32\msfzwpt.exe
c:\windows\system32\msgbcbv.exe
c:\windows\system32\msgcu.exe
c:\windows\system32\msgehhkf.exe
c:\windows\system32\msgeizl.exe
c:\windows\system32\msgfpo.exe
c:\windows\system32\msgfwz.exe
c:\windows\system32\msggxvg.exe
c:\windows\system32\msghk.exe
c:\windows\system32\msgiu.exe
c:\windows\system32\msgkkwib.exe
c:\windows\system32\msgkxut.exe
c:\windows\system32\msglw.exe
c:\windows\system32\msgml.exe
c:\windows\system32\msgmuiyf.exe
c:\windows\system32\msgnbd.exe
c:\windows\system32\msgpkhui.exe
c:\windows\system32\msgqltno.exe
c:\windows\system32\msgqrmcd.exe
c:\windows\system32\msgsb.exe
c:\windows\system32\msgsfsf.exe
c:\windows\system32\msgtq.exe
c:\windows\system32\msgttxcq.exe
c:\windows\system32\msgusatx.exe
c:\windows\system32\msgwgi.exe
c:\windows\system32\msgwn.exe
c:\windows\system32\msgxh.exe
c:\windows\system32\msgylhw.exe
c:\windows\system32\msgyog.exe
c:\windows\system32\msgzxjfc.exe
c:\windows\system32\mshagjf.exe
c:\windows\system32\mshbpy.exe
c:\windows\system32\mshcg.exe
c:\windows\system32\mshdicsi.exe
c:\windows\system32\mshentb.exe
c:\windows\system32\mshfiii.exe
c:\windows\system32\mshfokc.exe
c:\windows\system32\mshigqrc.exe
c:\windows\system32\mshizick.exe
c:\windows\system32\mshkac.exe
c:\windows\system32\mshltka.exe
c:\windows\system32\mshnd.exe
c:\windows\system32\mshnkcgq.exe
c:\windows\system32\mshoird.exe
c:\windows\system32\mshok.exe
c:\windows\system32\mshqe.exe
c:\windows\system32\mshrjy.exe
c:\windows\system32\mshsuaz.exe
c:\windows\system32\mshudhh.exe
c:\windows\system32\mshui.exe
c:\windows\system32\mshuiejt.exe
c:\windows\system32\mshutcyu.exe
c:\windows\system32\mshutet.exe
c:\windows\system32\mshvbi.exe
c:\windows\system32\mshvj.exe
c:\windows\system32\mshvnb.exe
c:\windows\system32\mshvrblg.exe
c:\windows\system32\mshwhs.exe
c:\windows\system32\mshzeu.exe
c:\windows\system32\mshzx.exe
c:\windows\system32\msiacs.exe
c:\windows\system32\msica.exe
c:\windows\system32\msicl.exe
c:\windows\system32\msidbgtj.exe
c:\windows\system32\msidrr.exe
c:\windows\system32\msieokyf.exe
c:\windows\system32\msiewso.exe
c:\windows\system32\msifdmdn.exe
c:\windows\system32\msigm.exe
c:\windows\system32\msigz.exe
c:\windows\system32\msigzbyb.exe
c:\windows\system32\msihajn.exe
c:\windows\system32\msihe.exe
c:\windows\system32\msihmmwb.exe
c:\windows\system32\msihwltq.exe
c:\windows\system32\msijg.exe
c:\windows\system32\msilbzw.exe
c:\windows\system32\msildk.exe
c:\windows\system32\msilks.exe
c:\windows\system32\msilnlb.exe
c:\windows\system32\msima.exe
c:\windows\system32\msimllws.exe
c:\windows\system32\msimrk.exe
c:\windows\system32\msindy.exe
c:\windows\system32\msinpta.exe
c:\windows\system32\msipa.exe
c:\windows\system32\msipbwy.exe
c:\windows\system32\msipxgkm.exe
c:\windows\system32\msiqaxak.exe
c:\windows\system32\msiqb.exe
c:\windows\system32\msiqjw.exe
c:\windows\system32\msire.exe
c:\windows\system32\msirpoh.exe
c:\windows\system32\msirt.exe
c:\windows\system32\msiso.exe
c:\windows\system32\msiurcs.exe
c:\windows\system32\msivp.exe
c:\windows\system32\msivqz.exe
c:\windows\system32\msiwhcy.exe
c:\windows\system32\msiwjxyu.exe
c:\windows\system32\msixmcq.exe
c:\windows\system32\msiybm.exe
c:\windows\system32\msjaedeu.exe
c:\windows\system32\msjaivt.exe
c:\windows\system32\msjbbp.exe
c:\windows\system32\msjccrhr.exe
c:\windows\system32\msjcljog.exe
c:\windows\system32\msjcm.exe
c:\windows\system32\msjcq.exe
c:\windows\system32\msjczlld.exe
c:\windows\system32\msjdn.exe
c:\windows\system32\msjek.exe
c:\windows\system32\msjeore.exe
c:\windows\system32\msjepahn.exe
c:\windows\system32\msjfrna.exe
c:\windows\system32\msjhbed.exe
c:\windows\system32\msjhgnz.exe
c:\windows\system32\msjhn.exe
c:\windows\system32\msjixlqn.exe
c:\windows\system32\msjjd.exe
c:\windows\system32\msjjtn.exe
c:\windows\system32\msjkun.exe
c:\windows\system32\msjlmjqj.exe
c:\windows\system32\msjmhe.exe
c:\windows\system32\msjmia.exe
c:\windows\system32\msjmrp.exe
c:\windows\system32\msjnzx.exe
c:\windows\system32\msjqhv.exe
c:\windows\system32\msjql.exe
c:\windows\system32\msjrd.exe
c:\windows\system32\msjrmkff.exe
c:\windows\system32\msjrqhxt.exe
c:\windows\system32\msjsgok.exe
c:\windows\system32\msjszwem.exe
c:\windows\system32\msjtci.exe
c:\windows\system32\msjtqyg.exe

Re: System Security Virus6th July 2009, 5:52 pm

c:\windows\system32\msjucas.exe
c:\windows\system32\msjula.exe
c:\windows\system32\msjwgkd.exe
c:\windows\system32\msjwh.exe
c:\windows\system32\msjwler.exe
c:\windows\system32\msjybfwg.exe
c:\windows\system32\msjyokxn.exe
c:\windows\system32\msjyopcg.exe
c:\windows\system32\msjys.exe
c:\windows\system32\msjyv.exe
c:\windows\system32\msjzwt.exe
c:\windows\system32\mskaiccs.exe
c:\windows\system32\mskamjo.exe
c:\windows\system32\mskamz.exe
c:\windows\system32\mskbfh.exe
c:\windows\system32\mskbsfy.exe
c:\windows\system32\mskcfbx.exe
c:\windows\system32\mskcgkrg.exe
c:\windows\system32\mskctva.exe
c:\windows\system32\mskfd.exe
c:\windows\system32\mskfy.exe
c:\windows\system32\mskgmdbw.exe
c:\windows\system32\mskgv.exe
c:\windows\system32\mskiexa.exe
c:\windows\system32\mskimb.exe
c:\windows\system32\mskjsev.exe
c:\windows\system32\msklfqv.exe
c:\windows\system32\mskmbc.exe
c:\windows\system32\mskmctnw.exe
c:\windows\system32\mskmmkv.exe
c:\windows\system32\mskmy.exe
c:\windows\system32\msknutq.exe
c:\windows\system32\mskpkl.exe
c:\windows\system32\mskqkx.exe
c:\windows\system32\mskrf.exe
c:\windows\system32\mskrugow.exe
c:\windows\system32\mskrulm.exe
c:\windows\system32\mskrxt.exe
c:\windows\system32\msksakt.exe
c:\windows\system32\mskttiba.exe
c:\windows\system32\mskwb.exe
c:\windows\system32\mskwpwsf.exe
c:\windows\system32\mskwuy.exe
c:\windows\system32\mskylcma.exe
c:\windows\system32\mskys.exe
c:\windows\system32\mskznkah.exe
c:\windows\system32\mslagdc.exe
c:\windows\system32\mslaj.exe
c:\windows\system32\mslbi.exe
c:\windows\system32\mslejlfi.exe
c:\windows\system32\mslgxnvn.exe
c:\windows\system32\mslhwt.exe
c:\windows\system32\mslhzs.exe
c:\windows\system32\mslhzwdv.exe
c:\windows\system32\msliw.exe
c:\windows\system32\msljuxnh.exe
c:\windows\system32\mslkjrc.exe
c:\windows\system32\msllki.exe
c:\windows\system32\msllkyj.exe
c:\windows\system32\msllyuma.exe
c:\windows\system32\mslmrzm.exe
c:\windows\system32\mslpk.exe
c:\windows\system32\mslqvkf.exe
c:\windows\system32\mslrgt.exe
c:\windows\system32\mslrmnd.exe
c:\windows\system32\mslrqw.exe
c:\windows\system32\mslta.exe
c:\windows\system32\msltn.exe
c:\windows\system32\msltrolw.exe
c:\windows\system32\mslus.exe
c:\windows\system32\mslut.exe
c:\windows\system32\msluy.exe
c:\windows\system32\mslvpom.exe
c:\windows\system32\mslwi.exe
c:\windows\system32\mslwm.exe
c:\windows\system32\mslwomql.exe
c:\windows\system32\mslydhw.exe
c:\windows\system32\mslyuym.exe
c:\windows\system32\mslzdyt.exe
c:\windows\system32\mslzi.exe
c:\windows\system32\mslzl.exe
c:\windows\system32\mslzwi.exe
c:\windows\system32\msmajhkj.exe
c:\windows\system32\msmbeya.exe
c:\windows\system32\msmcr.exe
c:\windows\system32\msmehxa.exe
c:\windows\system32\msmfm.exe
c:\windows\system32\msmfn.exe
c:\windows\system32\msmfyt.exe
c:\windows\system32\msmgluq.exe
c:\windows\system32\msmgswr.exe
c:\windows\system32\msmhqs.exe
c:\windows\system32\msmhsnpb.exe
c:\windows\system32\msmjz.exe
c:\windows\system32\msmlrlv.exe
c:\windows\system32\msmocmuj.exe
c:\windows\system32\msmoefgn.exe
c:\windows\system32\msmpsmyq.exe
c:\windows\system32\msmpws.exe
c:\windows\system32\msmun.exe
c:\windows\system32\msmuno.exe
c:\windows\system32\msmuo.exe
c:\windows\system32\msmutrnm.exe
c:\windows\system32\msmvghg.exe
c:\windows\system32\msmvinq.exe
c:\windows\system32\msmvobq.exe
c:\windows\system32\msmvz.exe
c:\windows\system32\msmyv.exe
c:\windows\system32\msnaj.exe
c:\windows\system32\msnak.exe
c:\windows\system32\msnatoae.exe
c:\windows\system32\msnbp.exe
c:\windows\system32\msncbycj.exe
c:\windows\system32\msndb.exe
c:\windows\system32\msnduhh.exe
c:\windows\system32\msnev.exe
c:\windows\system32\msngnblm.exe
c:\windows\system32\msngvmj.exe
c:\windows\system32\msnhfmmi.exe
c:\windows\system32\msnhov.exe
c:\windows\system32\msniqwfv.exe
c:\windows\system32\msnirke.exe
c:\windows\system32\msniuwgr.exe
c:\windows\system32\msnjmgvu.exe
c:\windows\system32\msnkgzxy.exe
c:\windows\system32\msnlapm.exe
c:\windows\system32\msnlcq.exe
c:\windows\system32\msnljhh.exe
c:\windows\system32\msnmkm.exe
c:\windows\system32\msnnror.exe
c:\windows\system32\msnpj.exe
c:\windows\system32\msnpoc.exe
c:\windows\system32\msnptpy.exe
c:\windows\system32\msnpwn.exe
c:\windows\system32\msnqduj.exe
c:\windows\system32\msnqffxd.exe
c:\windows\system32\msnsebjh.exe
c:\windows\system32\msnuebb.exe
c:\windows\system32\msnui.exe
c:\windows\system32\msnvt.exe
c:\windows\system32\msnwgfs.exe
c:\windows\system32\msnwnh.exe
c:\windows\system32\msnxr.exe
c:\windows\system32\msnzxa.exe
c:\windows\system32\msogc.exe
c:\windows\system32\msogea.exe
c:\windows\system32\msogmc.exe
c:\windows\system32\msogx.exe
c:\windows\system32\msohgsi.exe
c:\windows\system32\msohpaw.exe
c:\windows\system32\msokd.exe
c:\windows\system32\msolnc.exe
c:\windows\system32\msolyr.exe
c:\windows\system32\msomzaz.exe
c:\windows\system32\msonlf.exe
c:\windows\system32\msonmq.exe
c:\windows\system32\msooie.exe
c:\windows\system32\msopbjh.exe
c:\windows\system32\msorhw.exe
c:\windows\system32\msosggko.exe
c:\windows\system32\msosj.exe
c:\windows\system32\msota.exe
c:\windows\system32\msotpoe.exe
c:\windows\system32\msouilp.exe
c:\windows\system32\msoulxu.exe
c:\windows\system32\msour.exe
c:\windows\system32\msowlvju.exe
c:\windows\system32\msowwv.exe
c:\windows\system32\msoxx.exe
c:\windows\system32\msozp.exe
c:\windows\system32\mspabvcz.exe
c:\windows\system32\mspauio.exe
c:\windows\system32\mspbg.exe
c:\windows\system32\mspbr.exe
c:\windows\system32\mspbw.exe
c:\windows\system32\mspehaib.exe
c:\windows\system32\mspffyg.exe
c:\windows\system32\mspfq.exe
c:\windows\system32\mspfvk.exe
c:\windows\system32\mspfzn.exe
c:\windows\system32\msphgy.exe
c:\windows\system32\msphu.exe
c:\windows\system32\mspid.exe
c:\windows\system32\mspiqiyr.exe
c:\windows\system32\mspja.exe
c:\windows\system32\mspjcl.exe
c:\windows\system32\mspjidkk.exe
c:\windows\system32\mspjuw.exe
c:\windows\system32\mspkdk.exe
c:\windows\system32\msplis.exe
c:\windows\system32\msplqt.exe
c:\windows\system32\mspne.exe
c:\windows\system32\mspniu.exe
c:\windows\system32\mspoupkp.exe
c:\windows\system32\mspppp.exe
c:\windows\system32\mspprrbd.exe
c:\windows\system32\mspqo.exe
c:\windows\system32\mspskr.exe
c:\windows\system32\mspum.exe
c:\windows\system32\mspvraek.exe
c:\windows\system32\mspwb.exe
c:\windows\system32\mspwyng.exe
c:\windows\system32\mspxuq.exe
c:\windows\system32\mspyhkey.exe
c:\windows\system32\mspyva.exe
c:\windows\system32\msqaadpz.exe
c:\windows\system32\msqaeg.exe
c:\windows\system32\msqak.exe
c:\windows\system32\msqaqqt.exe
c:\windows\system32\msqatg.exe
c:\windows\system32\msqbhp.exe
c:\windows\system32\msqcctw.exe
c:\windows\system32\msqdc.exe
c:\windows\system32\msqfa.exe
c:\windows\system32\msqfta.exe
c:\windows\system32\msqggn.exe
c:\windows\system32\msqgyz.exe
c:\windows\system32\msqijgbj.exe
c:\windows\system32\msqloov.exe

Re: System Security Virus6th July 2009, 5:53 pm

c:\windows\system32\msqmrg.exe
c:\windows\system32\msqohkc.exe
c:\windows\system32\msqoq.exe
c:\windows\system32\msqpkwi.exe
c:\windows\system32\msqqnjig.exe
c:\windows\system32\msqqob.exe
c:\windows\system32\msqrjc.exe
c:\windows\system32\msqrys.exe
c:\windows\system32\msqseue.exe
c:\windows\system32\msqsey.exe
c:\windows\system32\msqskdji.exe
c:\windows\system32\msqsnrm.exe
c:\windows\system32\msqsnyl.exe
c:\windows\system32\msqsvn.exe
c:\windows\system32\msqvubc.exe
c:\windows\system32\msraufxh.exe
c:\windows\system32\msravn.exe
c:\windows\system32\msrbh.exe
c:\windows\system32\msrbi.exe
c:\windows\system32\msrbnsai.exe
c:\windows\system32\msrdsc.exe
c:\windows\system32\msrflpxe.exe
c:\windows\system32\msrgqm.exe
c:\windows\system32\msrhm.exe
c:\windows\system32\msrhpg.exe
c:\windows\system32\msrjzx.exe
c:\windows\system32\msrkr.exe
c:\windows\system32\msrmxyzv.exe
c:\windows\system32\msrndqvl.exe
c:\windows\system32\msrnjia.exe
c:\windows\system32\msroigsm.exe
c:\windows\system32\msromg.exe
c:\windows\system32\msrqia.exe
c:\windows\system32\msrrcph.exe
c:\windows\system32\msrrmor.exe
c:\windows\system32\msrtndp.exe
c:\windows\system32\msruxjq.exe
c:\windows\system32\msrvq.exe
c:\windows\system32\msrvrhzr.exe
c:\windows\system32\msrwy.exe
c:\windows\system32\msrxb.exe
c:\windows\system32\msrxbwk.exe
c:\windows\system32\msrybo.exe
c:\windows\system32\msrybz.exe
c:\windows\system32\msryou.exe
c:\windows\system32\msryyakj.exe
c:\windows\system32\msrzrl.exe
c:\windows\system32\msrzw.exe
c:\windows\system32\mssbwncb.exe
c:\windows\system32\mssbzgk.exe
c:\windows\system32\mssdaa.exe
c:\windows\system32\mssdniij.exe
c:\windows\system32\mssfgh.exe
c:\windows\system32\mukmil.dll
c:\windows\system32\oc9
c:\windows\system32\pcmstub.sys
c:\windows\system32\shel9
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wiawow32.sys
c:\windows\system32\yyadd.ini
c:\windows\system32\yyadd.ini2

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruifvkibaiq
-------\Legacy_6TO4
-------\Legacy_DRV
-------\Legacy_PCMSTUB
-------\Service_6to4
-------\Service_drv
-------\Service_pcmstub

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-04 23:42 . 2009-07-04 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-03 05:46 . 2009-07-03 05:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-02 20:35 . 2009-07-02 20:35 -------- d-----w- c:\windows\ie8updates
2009-07-02 20:15 . 2009-07-03 06:10 112910 ----a-w- C:\MGlogs.zip
2009-07-02 20:14 . 2009-07-04 23:05 -------- d-----w- C:\MGtools
2009-07-02 19:12 . 2009-07-02 19:12 0 ----a-w- c:\windows\system32\lich.dat
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-02 19:00 . 2009-07-02 19:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-02 18:57 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 18:57 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-sh--w- c:\documents and settings\Kara Hudon\IECompatCache
2009-07-02 15:54 . 2009-07-02 15:54 -------- d-sh--w- c:\documents and settings\Kara Hudon\PrivacIE
2009-07-02 15:47 . 2009-07-02 15:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-02 15:46 . 2009-07-02 15:46 -------- d-sh--w- c:\documents and settings\Kara Hudon\IETldCache
2009-07-02 15:32 . 2009-07-02 15:33 -------- dc-h--w- c:\windows\ie8
2009-07-02 00:18 . 2009-07-02 00:18 122080 ----a-w- C:\cfrm.exe
2009-07-02 00:04 . 2009-07-02 00:04 127488 ---h--w- c:\windows\system32\mswnccgz.exe
2009-07-02 00:01 . 2009-07-02 00:01 86016 ----a-w- c:\windows\system32\lich.exe
2009-07-02 00:00 . 2009-07-02 00:00 -------- d-----w- c:\program files\drv
2009-07-02 00:00 . 2009-07-02 00:00 28672 ----a-w- C:\fdvjfx.exe
2009-06-25 16:21 . 2009-06-25 16:21 -------- d-----w- c:\documents and settings\Kara Hudon\Local Settings\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:08 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 04:55 . 2009-07-02 00:34 4 ---h--w- c:\windows\Fonts\mlog
2009-07-04 23:46 . 2009-03-20 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 23:46 . 2009-03-20 16:26 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:31 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 05:28 . 2009-07-02 06:03 1952 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-25 16:08 . 2008-06-12 18:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 16:08 . 2008-06-12 18:31 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 16:08 . 2008-06-12 18:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 15:27 . 2009-03-20 16:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 03:01 . 2006-06-13 01:27 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AdobeUM
2009-05-20 16:23 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AVGTOOLBAR
2009-05-20 16:22 . 2009-05-20 16:22 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Red Kawa
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\Red Kawa
2009-05-20 16:20 . 2007-01-29 05:15 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Vso
2009-05-19 02:26 . 2006-06-09 21:47 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Apple Computer
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\program files\iTunes
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 02:12 . 2009-05-19 02:12 -------- d-----w- c:\program files\iPod
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-----w- c:\program files\Bonjour
2009-05-19 02:10 . 2009-05-19 02:10 -------- d-----w- c:\program files\QuickTime
2009-05-19 02:05 . 2009-05-19 02:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:00 . 2008-06-12 18:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-29 01:06 . 2006-12-18 01:31 56 --sh--r- c:\windows\system32\1442C91D9C.sys
2008-10-05 14:43 . 2006-06-09 20:39 88 --sh--r- c:\windows\system32\9C1DC94214.sys
2008-10-05 14:43 . 2006-06-09 20:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

Re: System Security Virus6th July 2009, 5:54 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\fonts\\services.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2008 2:31 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2008 2:31 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2008 12:37 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 2:45 PM 298776]
S1 drvdrv;drvdrv;\??\c:\program files\drv\drv.sys --> c:\program files\drv\drv.sys [?]
S2 xbmhki;xbmhki;c:\windows\system32\drivers\fnvbf.sys --> c:\windows\system32\drivers\fnvbf.sys [?]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
S4 lich;lich;c:\windows\system32\lich.exe [7/1/2009 8:01 PM 86016]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2007 3:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-A00F68AE37.exe - c:\docume~1\KARAHU~1\LOCALS~1\Temp\_A00F68AE37.exe
HKCU-Run-hsf7husjnfg98gi498aejhiugjkdg4 - c:\docume~1\KARAHU~1\LOCALS~1\Temp\hnrnad.exe
HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe
HKCU-Run-Windows System Recover! - c:\docume~1\KARAHU~1\LOCALS~1\Temp\login.exe
HKCU-Run-Aim6 - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Kara Hudon\Application Data\Mozilla\Firefox\Profiles\9d9q2bal.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 13:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys 39936 bytes executable
c:\windows\system32\_7d8e9e7cdef90eef8fbb287e74086fa9.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\7d8e9e7cdef90eef8fbb287e74086fa9]
"ImagePath"="system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\0*! 2*]
"Path"="c:\\Documents and Settings\\Kara Hudon\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\È* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-07-06 13:45 - machine was rebooted [Kara Hudon]
ComboFix-quarantined-files.txt 2009-07-06 17:45

Pre-Run: 24,108,789,760 bytes free
Post-Run: 22,857,265,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

836 --- E O F --- 2009-07-02 20:35

Re: System Security Virus6th July 2009, 6:04 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
C:\MGlogs.zip
c:\windows\system32\lich.dat
C:\cfrm.exe
c:\windows\system32\mswnccgz.exe
c:\windows\system32\lich.exe
C:\fdvjfx.exe

Folder::
c:\program files\drv
C:\MGtools

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\fonts\\services.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"drv"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\7d8e9e7cdef90eef8fbb287e74086fa9]

Driver::
drvdrv
xbmhki
lich

ROOTKIT::
c:\windows\system32\7d8e9e7cdef90eef8fbb287e74086fa9.sys
c:\windows\system32\_7d8e9e7cdef90eef8fbb287e74086fa9.sys_.vir

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
System Security Virus Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: System Security Virus6th July 2009, 7:09 pm

I accidently closed the report....where do I find it?

Re: System Security Virus6th July 2009, 7:26 pm

C:\Combofix.txt

Re: System Security Virus6th July 2009, 7:40 pm

ComboFix 09-07-05.04 - Kara Hudon 07/06/2009 14:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.470 [GMT -4:00]
Running from: c:\documents and settings\Kara Hudon\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kara Hudon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\cfrm.exe"
"C:\fdvjfx.exe"
"C:\MGlogs.zip"
"c:\windows\system32\lich.dat"
"c:\windows\system32\lich.exe"
"c:\windows\system32\mswnccgz.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cfrm.exe
C:\fdvjfx.exe
C:\MGlogs.zip
C:\MGtools
c:\mgtools\backups\backup-20090704-190542-115
c:\mgtools\backups\backup-20090704-190542-218
c:\mgtools\backups\backup-20090704-190542-580
c:\mgtools\backups\backup-20090704-190542-633
c:\mgtools\backups\backup-20090704-190542-634
c:\mgtools\backups\backup-20090704-190542-720
c:\mgtools\backups\backup-20090704-190542-752
c:\mgtools\backups\backup-20090704-190542-875
c:\mgtools\backups\backup-20090704-190542-880
c:\mgtools\backups\backup-20090704-190542-887
c:\mgtools\backups\backup-20090704-190542-929
c:\mgtools\backups\backup-20090704-190542-940
c:\mgtools\chodefix.bat
c:\mgtools\config.reg
c:\mgtools\DisableUAC.reg
c:\mgtools\EnableUAC.reg
c:\mgtools\ffdata.txt
c:\mgtools\filelog.txt
c:\mgtools\FindOVL.bat
c:\mgtools\FixBagle.bat
c:\mgtools\fixBagle.reg
c:\mgtools\FixCF.bat
c:\mgtools\fixCF.reg
c:\mgtools\fixChode.reg
c:\mgtools\FixFA.bat
c:\mgtools\fixFA.reg
c:\mgtools\flowers.log
c:\mgtools\GetDetails.exe
c:\mgtools\GetLogs.Bat
c:\mgtools\GetRunKey.bat
c:\mgtools\GetUnKey.txt
c:\mgtools\GetUnKeys.bat
c:\mgtools\grep.exe
c:\mgtools\GRK64.bat
c:\mgtools\hide.reg
c:\mgtools\history.txt
c:\mgtools\HTAfind.bat
c:\mgtools\IEFIX.reg
c:\mgtools\locate.com
c:\mgtools\ltime.exe
c:\mgtools\MGclean.bat
c:\mgtools\newfiles.txt
c:\mgtools\procdll.txt
c:\mgtools\Process.exe
c:\mgtools\ProcessDll.exe
c:\mgtools\Regfix.bat
c:\mgtools\runkeys.txt
c:\mgtools\RunMB.bat
c:\mgtools\sed.exe
c:\mgtools\ShowNew.bat
c:\mgtools\SN64.bat
c:\mgtools\swreg.exe
c:\mgtools\swwhoami.exe
c:\mgtools\sysinfo.txt
c:\mgtools\sysrest.txt
c:\mgtools\unhide.reg
c:\mgtools\UserInfo.bat
c:\mgtools\UserInfo.txt
c:\mgtools\vfind.exe
c:\mgtools\VunFind.bat
c:\mgtools\winfiles.txt
c:\mgtools\winlogon.exe
c:\mgtools\zip.exe
c:\program files\drv
c:\program files\drv\drv.dll
c:\windows\system32\lich.dat
c:\windows\system32\lich.exe
c:\windows\system32\msshjha.exe
c:\windows\system32\msshonf.exe
c:\windows\system32\msshv.exe
c:\windows\system32\mssiiii.exe
c:\windows\system32\mssizgn.exe
c:\windows\system32\msskmmw.exe
c:\windows\system32\msskta.exe
c:\windows\system32\msslt.exe
c:\windows\system32\mssmcfyz.exe
c:\windows\system32\mssnkfyk.exe
c:\windows\system32\mssnmxi.exe
c:\windows\system32\mssnqa.exe
c:\windows\system32\mssnuu.exe
c:\windows\system32\mssolc.exe
c:\windows\system32\mssoyqe.exe
c:\windows\system32\msspencs.exe
c:\windows\system32\msspm.exe
c:\windows\system32\msspt.exe
c:\windows\system32\msspufq.exe
c:\windows\system32\mssqocfq.exe
c:\windows\system32\mssqsrf.exe
c:\windows\system32\mssrwj.exe
c:\windows\system32\mssshmb.exe
c:\windows\system32\mssstb.exe
c:\windows\system32\msstqwff.exe
c:\windows\system32\mssvg.exe
c:\windows\system32\msswyvwv.exe
c:\windows\system32\msswz.exe
c:\windows\system32\mssyhw.exe
c:\windows\system32\msszbuii.exe
c:\windows\system32\mssznsn.exe
c:\windows\system32\mstalgsy.exe
c:\windows\system32\mstara.exe
c:\windows\system32\mstax.exe
c:\windows\system32\mstda.exe
c:\windows\system32\mstdjee.exe
c:\windows\system32\mstdn.exe
c:\windows\system32\mstdphc.exe
c:\windows\system32\mstebpf.exe
c:\windows\system32\mstfdi.exe
c:\windows\system32\mstjphb.exe
c:\windows\system32\mstjtobb.exe
c:\windows\system32\mstlrhy.exe
c:\windows\system32\mstlswu.exe
c:\windows\system32\mstmf.exe
c:\windows\system32\mstmgg.exe
c:\windows\system32\mstmroe.exe
c:\windows\system32\mstnpb.exe
c:\windows\system32\mstnpbr.exe
c:\windows\system32\mstphaih.exe
c:\windows\system32\mstplig.exe
c:\windows\system32\mstpzt.exe
c:\windows\system32\mstqb.exe
c:\windows\system32\mstqiii.exe
c:\windows\system32\mstqmmgl.exe
c:\windows\system32\mstrvxrj.exe
c:\windows\system32\mstrwtaa.exe
c:\windows\system32\mstsryp.exe
c:\windows\system32\mstvog.exe
c:\windows\system32\mstwrhb.exe
c:\windows\system32\mstzyqx.exe
c:\windows\system32\msubpi.exe
c:\windows\system32\msudbu.exe
c:\windows\system32\msudcozb.exe
c:\windows\system32\msueaxr.exe
c:\windows\system32\msuemxsj.exe
c:\windows\system32\msufi.exe
c:\windows\system32\msuhiyf.exe
c:\windows\system32\msuhzvfr.exe
c:\windows\system32\msuittkc.exe
c:\windows\system32\msuiuzv.exe
c:\windows\system32\msumyblk.exe
c:\windows\system32\msuneldz.exe
c:\windows\system32\msunmv.exe
c:\windows\system32\msuovcx.exe
c:\windows\system32\msupye.exe
c:\windows\system32\msurowds.exe
c:\windows\system32\msusbjc.exe
c:\windows\system32\msutszrh.exe
c:\windows\system32\msuuo.exe
c:\windows\system32\msuup.exe
c:\windows\system32\msuvcdq.exe
c:\windows\system32\msuvipnt.exe
c:\windows\system32\msuvzbt.exe
c:\windows\system32\msuwgy.exe
c:\windows\system32\msuyc.exe
c:\windows\system32\msuykpp.exe
c:\windows\system32\msvakv.exe
c:\windows\system32\msvblxq.exe
c:\windows\system32\msvcqkl.exe
c:\windows\system32\msvdijv.exe
c:\windows\system32\msvdkqtz.exe
c:\windows\system32\msvdrgxp.exe
c:\windows\system32\msvealip.exe
c:\windows\system32\msveg.exe
c:\windows\system32\msvek.exe
c:\windows\system32\msvezvgi.exe
c:\windows\system32\msvhe.exe
c:\windows\system32\msvik.exe
c:\windows\system32\msvjtje.exe
c:\windows\system32\msvkqv.exe
c:\windows\system32\msvln.exe
c:\windows\system32\msvnh.exe
c:\windows\system32\msvos.exe
c:\windows\system32\msvpg.exe
c:\windows\system32\msvqqzo.exe
c:\windows\system32\msvrrhc.exe
c:\windows\system32\msvrs.exe
c:\windows\system32\msvspigl.exe
c:\windows\system32\msvsvuqv.exe

Re: System Security Virus6th July 2009, 7:40 pm

c:\windows\system32\msvsy.exe
c:\windows\system32\msvuoct.exe
c:\windows\system32\msvwcafu.exe
c:\windows\system32\msvyb.exe
c:\windows\system32\msvydudn.exe
c:\windows\system32\msvyls.exe
c:\windows\system32\msvynp.exe
c:\windows\system32\msvzhcw.exe
c:\windows\system32\mswagwsd.exe
c:\windows\system32\mswbl.exe
c:\windows\system32\mswbs.exe
c:\windows\system32\mswcipw.exe
c:\windows\system32\mswcsz.exe
c:\windows\system32\mswdsx.exe
c:\windows\system32\mswfrozl.exe
c:\windows\system32\mswgdgow.exe
c:\windows\system32\mswgur.exe
c:\windows\system32\mswher.exe
c:\windows\system32\mswheti.exe
c:\windows\system32\mswhkboi.exe
c:\windows\system32\mswir.exe
c:\windows\system32\mswiz.exe
c:\windows\system32\mswlbc.exe
c:\windows\system32\mswleaz.exe
c:\windows\system32\mswlfqks.exe
c:\windows\system32\mswltyp.exe
c:\windows\system32\mswmdf.exe
c:\windows\system32\mswmvcs.exe
c:\windows\system32\mswnccgz.exe
c:\windows\system32\mswnraw.exe
c:\windows\system32\mswpf.exe
c:\windows\system32\mswpyvj.exe
c:\windows\system32\mswpzdz.exe
c:\windows\system32\mswqvy.exe
c:\windows\system32\mswrls.exe
c:\windows\system32\mswsraav.exe
c:\windows\system32\mswtd.exe
c:\windows\system32\mswtli.exe
c:\windows\system32\mswtqx.exe
c:\windows\system32\mswubbaa.exe
c:\windows\system32\mswuymws.exe
c:\windows\system32\mswuz.exe
c:\windows\system32\mswvsldl.exe
c:\windows\system32\mswwb.exe
c:\windows\system32\mswwnoa.exe
c:\windows\system32\mswxckx.exe
c:\windows\system32\mswxgq.exe
c:\windows\system32\mswxml.exe
c:\windows\system32\mswyhbdu.exe
c:\windows\system32\mswzbhee.exe
c:\windows\system32\msxajwt.exe
c:\windows\system32\msxcdk.exe
c:\windows\system32\msxcsik.exe
c:\windows\system32\msxdnjne.exe
c:\windows\system32\msxfi.exe
c:\windows\system32\msxilpqb.exe
c:\windows\system32\msxivjk.exe
c:\windows\system32\msxjia.exe
c:\windows\system32\msxjjwxe.exe
c:\windows\system32\msxlkbbb.exe
c:\windows\system32\msxlzzsy.exe
c:\windows\system32\msxoio.exe
c:\windows\system32\msxpxp.exe
c:\windows\system32\msxqnnwg.exe
c:\windows\system32\msxuhfkj.exe

Re: System Security Virus6th July 2009, 7:41 pm

c:\windows\system32\msxvvvl.exe
c:\windows\system32\msxzkak.exe
c:\windows\system32\msyafdfa.exe
c:\windows\system32\msyan.exe
c:\windows\system32\msyau.exe
c:\windows\system32\msybqx.exe
c:\windows\system32\msycdl.exe
c:\windows\system32\msycik.exe
c:\windows\system32\msycizlk.exe
c:\windows\system32\msydbo.exe
c:\windows\system32\msydmse.exe
c:\windows\system32\msydnww.exe
c:\windows\system32\msydwyfs.exe
c:\windows\system32\msyecg.exe
c:\windows\system32\msyfbz.exe
c:\windows\system32\msygja.exe
c:\windows\system32\msygo.exe
c:\windows\system32\msyhbni.exe
c:\windows\system32\msyhetw.exe
c:\windows\system32\msyhzhhw.exe
c:\windows\system32\msykpxi.exe
c:\windows\system32\msyle.exe
c:\windows\system32\msymfkgo.exe
c:\windows\system32\msymg.exe
c:\windows\system32\msynpna.exe
c:\windows\system32\msynwq.exe
c:\windows\system32\msyoobc.exe
c:\windows\system32\msyoozr.exe
c:\windows\system32\msyouj.exe
c:\windows\system32\msyqtwlh.exe
c:\windows\system32\msyraexn.exe
c:\windows\system32\msyrbq.exe
c:\windows\system32\msyssn.exe
c:\windows\system32\msytj.exe
c:\windows\system32\msytr.exe
c:\windows\system32\msyuf.exe
c:\windows\system32\msyvb.exe
c:\windows\system32\msyyk.exe
c:\windows\system32\mszay.exe
c:\windows\system32\mszdn.exe
c:\windows\system32\mszeo.exe
c:\windows\system32\mszes.exe
c:\windows\system32\mszfpmlm.exe
c:\windows\system32\mszfpvwq.exe
c:\windows\system32\mszfz.exe
c:\windows\system32\mszgt.exe
c:\windows\system32\mszhdic.exe
c:\windows\system32\mszhjog.exe
c:\windows\system32\mszjwcd.exe
c:\windows\system32\mszkelwg.exe
c:\windows\system32\mszld.exe
c:\windows\system32\mszlqpr.exe
c:\windows\system32\mszlrg.exe
c:\windows\system32\mszlyv.exe
c:\windows\system32\msznlulq.exe
c:\windows\system32\msznx.exe
c:\windows\system32\msznxi.exe
c:\windows\system32\mszpe.exe
c:\windows\system32\mszrugb.exe
c:\windows\system32\mszrxoy.exe
c:\windows\system32\mszsk.exe
c:\windows\system32\msztds.exe
c:\windows\system32\mszvo.exe
c:\windows\system32\mszwj.exe
c:\windows\system32\mszyfye.exe
c:\windows\system32\mszyvz.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRVDRV
-------\Legacy_LICH
-------\Legacy_XBMHKI
-------\Service_drvdrv
-------\Service_lich
-------\Service_xbmhki
-------\Service_7d8e9e7cdef90eef8fbb287e74086fa9

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 18:35 . 2009-07-06 18:35 -------- d-sh--w- C:\found.000
2009-07-06 17:34 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-04 23:42 . 2009-07-04 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-07-03 06:10 . 2009-07-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-03 05:46 . 2009-07-03 05:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-02 20:35 . 2009-07-02 20:35 -------- d-----w- c:\windows\ie8updates
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-02 19:00 . 2009-07-02 19:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-02 18:57 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 18:57 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-sh--w- c:\documents and settings\Kara Hudon\IECompatCache
2009-07-02 15:54 . 2009-07-02 15:54 -------- d-sh--w- c:\documents and settings\Kara Hudon\PrivacIE
2009-07-02 15:47 . 2009-07-02 15:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-02 15:46 . 2009-07-02 15:46 -------- d-sh--w- c:\documents and settings\Kara Hudon\IETldCache
2009-07-02 15:32 . 2009-07-02 15:33 -------- dc-h--w- c:\windows\ie8
2009-06-25 16:21 . 2009-06-25 16:21 -------- d-----w- c:\documents and settings\Kara Hudon\Local Settings\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:08 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 16:09 . 2009-06-25 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

Re: System Security Virus6th July 2009, 7:41 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 04:55 . 2009-07-02 00:34 4 ---h--w- c:\windows\Fonts\mlog
2009-07-04 23:46 . 2009-03-20 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 23:46 . 2009-03-20 16:26 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-02 18:31 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 05:28 . 2009-07-02 06:03 1952 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-25 16:08 . 2008-06-12 18:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 16:08 . 2008-06-12 18:31 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 16:08 . 2008-06-12 18:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 15:27 . 2009-03-20 16:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 03:01 . 2006-06-13 01:27 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AdobeUM
2009-05-20 16:23 . 2008-06-12 18:31 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\AVGTOOLBAR
2009-05-20 16:22 . 2009-05-20 16:22 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Red Kawa
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-20 16:21 . 2009-05-20 16:21 -------- d-----w- c:\program files\Red Kawa
2009-05-20 16:20 . 2007-01-29 05:15 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Vso
2009-05-19 02:26 . 2006-06-09 21:47 -------- d-----w- c:\documents and settings\Kara Hudon\Application Data\Apple Computer
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\program files\iTunes
2009-05-19 02:13 . 2009-05-19 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 02:12 . 2009-05-19 02:12 -------- d-----w- c:\program files\iPod
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-----w- c:\program files\Bonjour
2009-05-19 02:10 . 2009-05-19 02:10 -------- d-----w- c:\program files\QuickTime
2009-05-19 02:05 . 2009-05-19 02:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:00 . 2008-06-12 18:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-08-29 01:06 . 2006-12-18 01:31 56 --sh--r- c:\windows\system32\1442C91D9C.sys
2008-10-05 14:43 . 2006-06-09 20:39 88 --sh--r- c:\windows\system32\9C1DC94214.sys
2008-10-05 14:43 . 2006-06-09 20:39 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 16:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149888426\\ee\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2008 2:31 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2008 2:31 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2008 12:37 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 2:45 PM 298776]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2007 3:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Kara Hudon\Application Data\Mozilla\Firefox\Profiles\9d9q2bal.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\0*! 2*]
"Path"="c:\\Documents and Settings\\Kara Hudon\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\È* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-06 15:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 19:07
ComboFix2.txt 2009-07-06 17:45

Pre-Run: 22,847,897,600 bytes free
Post-Run: 22,800,965,632 bytes free

562 --- E O F --- 2009-07-02 20:35

Re: System Security Virus6th July 2009, 8:04 pm

Hello.

Open HijackThis.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Open Uninstall Manager"
Click on "Save List..." (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Re: System Security Virus6th July 2009, 9:19 pm

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe After Effects 6.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Premiere Pro
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
a-squared Free 4.0
AudibleManager
Avery Wizard 3.1
AVG Free 8.5
AviSynth 2.5
Bonjour
Broadcom Management Programs
CardRd81
CCleaner (remove only)
CCScore
CleanUp!
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
CR2
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision W
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
Dell Laser Printer 1110 Software Uninstall
Dell Support Center (Support Software)
DellConnect
DellSupport
Digital Content Portal
Digital Line Detect
DivX Content Uploader
DivX Web Player
Documentation & Support Launcher
DVD43 v3.9.0
EducateU
ELIcon
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
GemMaster Mystic
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Keylight (1.0v3) for Adobe After Effects
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.11)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
Musicmatch

Jukebox
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting

Re: System Security Virus6th July 2009, 9:19 pm

Notifier
OTtBP
OTtBPSDK
Otto
Polar Bowler
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
V CAST Music with Rhapsody
Veoh Player
Videora iPod Converter 4.07
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WIRELESS
WordPerfect Office 12
ZENcast Organizer

Re: System Security Virus6th July 2009, 9:29 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Re: System Security Virus6th July 2009, 9:54 pm

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/6/2009 5:53:43 PM
mbam-log-2009-07-06 (17-53-43).txt

Scan type: Quick Scan
Objects scanned: 97058
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mmkl.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Fonts\logcde.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.

System Security Virus

descriptionSystem Security Virus2nd July 2009, 5:07 am

descriptionRe: System Security Virus2nd July 2009, 9:34 am

descriptionRe: System Security Virus2nd July 2009, 5:53 pm

descriptionRe: System Security Virus2nd July 2009, 5:56 pm

descriptionRe: System Security Virus2nd July 2009, 5:59 pm

descriptionRe: System Security Virus2nd July 2009, 6:00 pm

descriptionRe: System Security Virus2nd July 2009, 6:01 pm

descriptionRe: System Security Virus2nd July 2009, 6:03 pm

descriptionRe: System Security Virus2nd July 2009, 6:07 pm

descriptionRe: System Security Virus2nd July 2009, 7:11 pm

descriptionRe: System Security Virus2nd July 2009, 7:15 pm

descriptionRe: System Security Virus2nd July 2009, 7:25 pm

descriptionRe: System Security Virus2nd July 2009, 7:31 pm

descriptionRe: System Security Virus2nd July 2009, 7:46 pm

descriptionRe: System Security Virus2nd July 2009, 7:49 pm

descriptionRe: System Security Virus2nd July 2009, 7:51 pm

descriptionRe: System Security Virus2nd July 2009, 7:56 pm

descriptionRe: System Security Virus2nd July 2009, 7:59 pm

descriptionRe: System Security Virus2nd July 2009, 8:06 pm

descriptionRe: System Security Virus2nd July 2009, 8:08 pm

descriptionRe: System Security Virus2nd July 2009, 8:20 pm

descriptionRe: System Security Virus3rd July 2009, 6:22 am

descriptionRe: System Security Virus3rd July 2009, 3:45 pm

descriptionRe: System Security Virus3rd July 2009, 10:30 pm

descriptionRe: System Security Virus4th July 2009, 2:10 pm

descriptionRe: System Security Virus4th July 2009, 10:14 pm

descriptionRe: System Security Virus4th July 2009, 10:47 pm

descriptionRe: System Security Virus4th July 2009, 11:17 pm

descriptionRe: System Security Virus4th July 2009, 11:46 pm

descriptionRe: System Security Virus5th July 2009, 7:15 pm

descriptionRe: System Security Virus5th July 2009, 10:56 pm

descriptionRe: System Security Virus5th July 2009, 11:02 pm

descriptionRe: System Security Virus6th July 2009, 2:03 pm

descriptionRe: System Security Virus6th July 2009, 5:51 pm

descriptionRe: System Security Virus6th July 2009, 5:52 pm

descriptionRe: System Security Virus6th July 2009, 5:52 pm

descriptionRe: System Security Virus6th July 2009, 5:53 pm

descriptionRe: System Security Virus6th July 2009, 5:54 pm

descriptionRe: System Security Virus6th July 2009, 6:04 pm

descriptionRe: System Security Virus6th July 2009, 7:09 pm

descriptionRe: System Security Virus6th July 2009, 7:26 pm

descriptionRe: System Security Virus6th July 2009, 7:40 pm

descriptionRe: System Security Virus6th July 2009, 7:40 pm

descriptionRe: System Security Virus6th July 2009, 7:41 pm

descriptionRe: System Security Virus6th July 2009, 7:41 pm

descriptionRe: System Security Virus6th July 2009, 8:04 pm

descriptionRe: System Security Virus6th July 2009, 9:19 pm

descriptionRe: System Security Virus6th July 2009, 9:19 pm

descriptionRe: System Security Virus6th July 2009, 9:29 pm

descriptionRe: System Security Virus6th July 2009, 9:54 pm

descriptionRe: System Security Virus

System Security Virus2nd July 2009, 5:07 am

Re: System Security Virus2nd July 2009, 9:34 am

Re: System Security Virus2nd July 2009, 5:53 pm

Re: System Security Virus2nd July 2009, 5:56 pm

Re: System Security Virus2nd July 2009, 5:59 pm

Re: System Security Virus2nd July 2009, 6:00 pm

Re: System Security Virus2nd July 2009, 6:01 pm

Re: System Security Virus2nd July 2009, 6:03 pm

Re: System Security Virus2nd July 2009, 6:07 pm

Re: System Security Virus2nd July 2009, 7:11 pm

Re: System Security Virus2nd July 2009, 7:15 pm

Re: System Security Virus2nd July 2009, 7:25 pm

Re: System Security Virus2nd July 2009, 7:31 pm

Re: System Security Virus2nd July 2009, 7:46 pm

Re: System Security Virus2nd July 2009, 7:49 pm

Re: System Security Virus2nd July 2009, 7:51 pm

Re: System Security Virus2nd July 2009, 7:56 pm

Re: System Security Virus2nd July 2009, 7:59 pm

Re: System Security Virus2nd July 2009, 8:06 pm

Re: System Security Virus2nd July 2009, 8:08 pm

Re: System Security Virus2nd July 2009, 8:20 pm

Re: System Security Virus3rd July 2009, 6:22 am

Re: System Security Virus3rd July 2009, 3:45 pm

Re: System Security Virus3rd July 2009, 10:30 pm

Re: System Security Virus4th July 2009, 2:10 pm

Re: System Security Virus4th July 2009, 10:14 pm

Re: System Security Virus4th July 2009, 10:47 pm

Re: System Security Virus4th July 2009, 11:17 pm

Re: System Security Virus4th July 2009, 11:46 pm

Re: System Security Virus5th July 2009, 7:15 pm

Re: System Security Virus5th July 2009, 10:56 pm

Re: System Security Virus5th July 2009, 11:02 pm

Re: System Security Virus6th July 2009, 2:03 pm

Re: System Security Virus6th July 2009, 5:51 pm

Re: System Security Virus6th July 2009, 5:52 pm

Re: System Security Virus6th July 2009, 5:52 pm

Re: System Security Virus6th July 2009, 5:53 pm

Re: System Security Virus6th July 2009, 5:54 pm

Re: System Security Virus6th July 2009, 6:04 pm

Re: System Security Virus6th July 2009, 7:09 pm

Re: System Security Virus6th July 2009, 7:26 pm

Re: System Security Virus6th July 2009, 7:40 pm

Re: System Security Virus6th July 2009, 7:40 pm

Re: System Security Virus6th July 2009, 7:41 pm

Re: System Security Virus6th July 2009, 7:41 pm

Re: System Security Virus6th July 2009, 8:04 pm

Re: System Security Virus6th July 2009, 9:19 pm

Re: System Security Virus6th July 2009, 9:19 pm

Re: System Security Virus6th July 2009, 9:29 pm

Re: System Security Virus6th July 2009, 9:54 pm

Re: System Security Virus