Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Need help with an infected computer
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Need help with an infected computer  
Forum Quick Jump
 
New Topic Post reply to : Need help with an infected computer Printable version of : Need help with an infected computer
[ << Previous Thread | Next Thread >> ]

Q-TIP
New Member


Date Joined Feb 2007
Total Posts : 6
  		   Posted 7-27-2008 10:59 (GMT +1)    Quote: Need help with an infected computerAlert an admin about: Need help with an infected computer
My computer got bombarded by a bunch of viruses and malware the other day and I was able to get rid of most of the infection with all of the various scanners I have but AVG is still telling me I have a bunch of viruses in some folder called System_Information. The online scan said I had viruses that I didn't even know about. If someone would please look at my logs it would be greatly appreciated.

Deckard's System Scanner v20071014.68
Run by Q-TIP on 2008-07-25 21:10:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
105: 2008-07-26 01:10:57 UTC - RP615 - Deckard's System Scanner Restore Point
104: 2008-07-26 01:04:11 UTC - RP614 - Removed STOPzilla!. Available with Windows Installer version 1.2 and later.
103: 2008-07-26 00:41:34 UTC - RP613 - Installed STOPzilla!. Available with Windows Installer version 1.2 and later.
102: 2008-07-26 00:41:17 UTC - RP612 - Removed STOPzilla!
101: 2008-07-26 00:37:09 UTC - RP611 - Installed STOPzilla!


-- First Restore Point --
1: 2008-07-19 13:59:48 UTC - RP511 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Q-TIP.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:29 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Q-TIP\Desktop\dss.exe
C:\DOWNLO~1\Q-TIP.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: {56a52410-892c-620b-1c54-0daab11d09f4} - {4f90d11b-aad0-45c1-b026-c29801425a65} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D006B738-0545-4CB1-A8BC-96DEDA374929} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - ?p=ZKfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Q-TIP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162863532084
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://nthls-5.nthls.com/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7C64174-9071-4A0C-8316-899C4E9DCE21}: NameServer = 24.25.5.148,24.25.5.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Pavitrasoft Manager service (cxvfsmgr) - Unknown owner - C:\Program Files\crossmeta\cxvfsmgr.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Pavitrasoft NFS mount service (mountd) - Unknown owner - C:\Program Files\crossmeta\mountd.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Pavitrasoft RPC Port Mapper service (portmapd) - Unknown owner - C:\Program Files\crossmeta\portmapd.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7130 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 catchme - c:\docume~1\q-tip\locals~1\temp\catchme.sys (file missing)
S3 cxnfs (Pavitrasoft NFS kernel mode driver) - c:\windows\system32\drivers\cxnfs.sys <Not Verified; Pavitrasoft Inc.; Windows ® Server 2003 DDK driver>
S3 cxvfs (Pavitrasoft VFS kernel mode driver) - c:\windows\system32\drivers\cxvfs.sys <Not Verified; Pavitrasoft Inc.; Windows ® Server 2003 DDK driver>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 cxvfsmgr (Pavitrasoft Manager service) - c:\program files\crossmeta\cxvfsmgr.exe (file missing)
S3 mountd (Pavitrasoft NFS mount service) - c:\program files\crossmeta\mountd.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 portmapd (Pavitrasoft RPC Port Mapper service) - c:\program files\crossmeta\portmapd.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-G PCI Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&10BD256C&0&08F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&10BD256C&0&08F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-07-25 21:04:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-19 11:05:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-25 21:02:39 0 d--hs---- C:\Documents and Settings\Q-TIP\Recent
2008-07-25 20:37:19 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\STOPzilla!
2008-07-25 20:37:10 0 d-------- C:\Program Files\STOPzilla!
2008-07-25 17:17:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-19 22:00:15 0 d-------- C:\Program Files\PowerISO
2008-07-19 09:59:37 231403 --ahs---- C:\WINDOWS\system32\xGjlkkkj.ini2
2008-07-19 09:50:50 0 d-------- C:\Program Files\VAV
2008-07-19 09:50:47 0 d-------- C:\Program Files\PCHealthCenter
2008-07-10 20:01:16 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-07-25 20:35:43 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-19 21:57:39 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\Ruckus Network
2008-07-19 10:05:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-19 10:02:13 0 d-------- C:\Program Files\Lavasoft
2008-07-19 10:01:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 09:41:48 0 d-------- C:\Program Files\Lx_cats
2008-07-06 20:07:48 0 d-------- C:\Program Files\LimeWire
2008-06-07 21:25:20 0 d-------- C:\Program Files\DivX
2008-06-07 21:02:32 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-04 13:19:32 0 d-------- C:\Program Files\America's Army
2008-06-04 10:53:48 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\goombah
2008-06-03 21:20:05 0 d-------- C:\Program Files\Ruckus Player
2008-06-03 21:17:20 0 d-------- C:\Program Files\Bonjour
2008-06-03 21:16:45 0 d-------- C:\Program Files\Emergent Music LLC
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 22:07:13 0 d-------- C:\Program Files\sXe Injected
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f90d11b-aad0-45c1-b026-c29801425a65}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D006B738-0545-4CB1-A8BC-96DEDA374929}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 03:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 03:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 03:50 PM]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 01:48 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 04:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/15/2007 04:14 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/19/2008 10:05 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkkljGx

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f10fed3-939b-11db-a893-0016767a4c03}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-25 21:12:11 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1014.07 MiB / 569.28 MiB
Pagefile Memory (total/avail): 2440.89 MiB / 2071.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.35 MiB

C: is Fixed (NTFS) - 64.49 GiB total, 26.65 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD080HJ/P - 74.5 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 64.49 GiB - C:
\PARTITION1 - Unknown - 9.03 GiB
\PARTITION2 - Unknown - 1011.91 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"E:\\5th Period\\Armagetron Advanced\\armagetronad.exe"="E:\\5th Period\\Armagetron Advanced\\armagetronad.exe:*:Enabled:armagetronad"
"C:\\Program Files\\Counter-Strike\\hl.exe"="C:\\Program Files\\Counter-Strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\hlds.exe"="C:\\Program Files\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Games\\Paintball2\\paintball2.exe"="C:\\Games\\Paintball2\\paintball2.exe:*:Enabled:paintball2"
"E:\\paintball\\Paintball2\\paintball2.exe"="E:\\paintball\\Paintball2\\paintball2.exe:*:Enabled:paintball2"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Carmageddon 3 - TDR 2000\\tdr2000.exe"="E:\\Carmageddon 3 - TDR 2000\\tdr2000.exe:*:Enabled:TDR 2000"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Downloads\\Counter . Strike v1.6\\Counter-Strike v1.6\\Counter-Strike v1.6\\Counter-Strike v1.6\\hl.exe"="C:\\Downloads\\Counter . Strike v1.6\\Counter-Strike v1.6\\Counter-Strike v1.6\\Counter-Strike v1.6\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Counter-Strike 1.6 V31\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6 V31\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus Player"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Q-TIP\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QUENTIN-940BEAF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Q-TIP
LOGONSERVER=\\QUENTIN-940BEAF
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Q-TIP\LOCALS~1\Temp
TMP=C:\DOCUME~1\Q-TIP\LOCALS~1\Temp
USERDOMAIN=QUENTIN-940BEAF
USERNAME=Q-TIP
USERPROFILE=C:\Documents and Settings\Q-TIP
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Q-TIP (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
BitComet 1.02 --> C:\Program Files\BitComet\uninst.exe
Bonjour Core for Windows --> MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Counter-Strike 1.6 V31.1 --> C:\Program Files\Counter-Strike 1.6 V31\Uninstal.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
FileZilla Client 3.0.2.1 --> C:\Program Files\FileZilla Client\uninstall.exe
GTK+ Runtime 2.12.8 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Half-Life Dedicated Server Update Tool --> C:\PROGRA~1\Valve\HLServer\UNWISE.EXE C:\PROGRA~1\Valve\HLServer\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Downloads\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Connections Drivers --> Prounstl.exe
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
IsoBuster 2.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.3.0 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lavasoft Reghance 2.1 --> C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LimeWire PRO 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium --> MsiExec.exe /I{9FB8CAC0-CCF6-47C9-8EDE-3AC69FD61033}
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
Shredder (3.0a2pre) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
sXe Injected --> "C:\Program Files\sXe Injected\uninstall.exe"
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5530 / Warning
Event Submitted/Written: 07/25/2008 05:22:06 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5522 / Warning
Event Submitted/Written: 07/24/2008 09:52:40 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5515 / Warning
Event Submitted/Written: 07/23/2008 09:20:50 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5508 / Warning
Event Submitted/Written: 07/22/2008 09:59:34 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5501 / Warning
Event Submitted/Written: 07/21/2008 10:04:33 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4065 / Error
Event Submitted/Written: 07/25/2008 09:01:47 PM
Event ID/Source: 19 / Print
Event Description:
Sharing printer failed + 1722, Printer LexmarkFax share name Printer.

Event Record #/Type4032 / Error
Event Submitted/Written: 07/25/2008 05:25:49 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
PCIIde

Event Record #/Type4004 / Error
Event Submitted/Written: 07/25/2008 00:43:53 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type3979 / Error
Event Submitted/Written: 07/24/2008 04:13:54 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type3957 / Error
Event Submitted/Written: 07/23/2008 04:10:53 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg



-- End of Deckard's System Scanner: finished at 2008-07-25 21:12:11 ------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 26, 2008 03:00:00
Records in database: 1009466
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 43958
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:49:41


File name / Threat name / Threats count
C:\Documents and Settings\Q-TIP\Shared\boys like girls - hero-heroine.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\BitComet\Downloads\SpySweeper\sspsetup1_.exe Infected: Backdoor.Win32.Delf.jgi 1
C:\Program Files\PCHealthCenter\0.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ae 1

The selected area was scanned.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 7-28-2008 7:43 (GMT +1)    Quote: Need help with an infected computerAlert an admin about: Need help with an infected computer
Hello scool
 
 
Please download Malwarebytes' Anti-Malware:
http://www.besttechie.net/tools/mbam-setup.exe
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

Q-TIP
New Member


Date Joined Feb 2007
Total Posts : 6
  		   Posted 7-28-2008 11:17 (GMT +1)    Quote: Need help with an infected computerAlert an admin about: Need help with an infected computer
Here are my new logs.

Deckard's System Scanner v20071014.68
Run by Q-TIP on 2008-07-28 18:13:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Q-TIP.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:41 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Q-TIP\Desktop\dss.exe
C:\DOWNLO~1\Q-TIP.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - ?p=ZKfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Q-TIP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162863532084
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://nthls-5.nthls.com/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7C64174-9071-4A0C-8316-899C4E9DCE21}: NameServer = 24.25.5.148,24.25.5.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Pavitrasoft Manager service (cxvfsmgr) - Unknown owner - C:\Program Files\crossmeta\cxvfsmgr.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Pavitrasoft NFS mount service (mountd) - Unknown owner - C:\Program Files\crossmeta\mountd.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Pavitrasoft RPC Port Mapper service (portmapd) - Unknown owner - C:\Program Files\crossmeta\portmapd.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7091 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 18:05:44 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-28 18:02:26 68096 --a------ C:\WINDOWS\zip.exe
2008-07-28 18:02:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-28 18:02:26 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-28 18:02:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-28 18:02:26 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-28 18:02:26 98816 --a------ C:\WINDOWS\sed.exe
2008-07-28 18:02:26 80412 --a------ C:\WINDOWS\grep.exe
2008-07-28 18:02:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-28 18:00:22 0 d--hs---- C:\Documents and Settings\Q-TIP\Recent
2008-07-28 16:54:47 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\Malwarebytes
2008-07-28 16:54:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 16:54:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-25 20:37:19 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\STOPzilla!
2008-07-25 20:37:10 0 d-------- C:\Program Files\STOPzilla!
2008-07-25 17:17:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-19 22:00:15 0 d-------- C:\Program Files\PowerISO
2008-07-10 20:01:16 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-07-28 18:05:16 0 d-------- C:\Program Files\Common Files
2008-07-28 17:43:22 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-19 21:57:39 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\Ruckus Network
2008-07-19 10:05:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-19 10:02:13 0 d-------- C:\Program Files\Lavasoft
2008-07-19 10:01:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 09:41:48 0 d-------- C:\Program Files\Lx_cats
2008-07-06 20:07:48 0 d-------- C:\Program Files\LimeWire
2008-06-07 21:25:20 0 d-------- C:\Program Files\DivX
2008-06-07 21:02:32 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-04 13:19:32 0 d-------- C:\Program Files\America's Army
2008-06-04 10:53:48 0 d-------- C:\Documents and Settings\Q-TIP\Application Data\goombah
2008-06-03 21:20:05 0 d-------- C:\Program Files\Ruckus Player
2008-06-03 21:17:20 0 d-------- C:\Program Files\Bonjour
2008-06-03 21:16:45 0 d-------- C:\Program Files\Emergent Music LLC
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 22:07:13 0 d-------- C:\Program Files\sXe Injected
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 03:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 03:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 03:50 PM]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 01:48 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 04:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/15/2007 04:14 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/19/2008 10:05 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f10fed3-939b-11db-a893-0016767a4c03}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-28 18:15:13 ------------

Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2

5:40:45 PM 7/28/2008
mbam-log-7-28-2008 (17-40-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 81106
Time elapsed: 34 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> No action taken.

Files Infected:
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{40EB2B49-EA99-44C2-B879-A305ADC945BD}\RP604\A0121965.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{40EB2B49-EA99-44C2-B879-A305ADC945BD}\RP604\A0122003.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{40EB2B49-EA99-44C2-B879-A305ADC945BD}\RP606\A0123031.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\system32\keystrokes.html (Stolen.Data) -> No action taken.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 7-29-2008 7:36 (GMT +1)    Quote: Need help with an infected computerAlert an admin about: Need help with an infected computer
Run Malwarebytes' Anti-Malware again. Have it to ->
Be sure that everything is checked, and click Remove Selected.
 
 
Turn off and then turn on System Restore. To do so, follow these steps:
System Restore
 
 
Let Me know how things are running now ?
 
 

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

Q-TIP
New Member


Date Joined Feb 2007
Total Posts : 6
  		   Posted 7-30-2008 9:19 (GMT +1)    Quote: Need help with an infected computerAlert an admin about: Need help with an infected computer
In the scan that I did earlier I did all of that and I clicked on the quarentine and it says there are 34 items in the quarentine. I ran a scan again and nothing comes up.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 7-31-2008 8:25 (GMT +1)    Quote: Need help with an infected computerAlert an admin about: Need help with an infected computer
Sounds good smile
 
 
Please  read Tony Klein's excellent article  about how to prevent against  spyware/hijackers in the future
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html   
 
 
                Please download OTMoveIt by OldTimer: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
 
1.    Save it to your desktop.
2.    Please double-click OTMoveIt.exe to run it.
3.    Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
4.    This step removes the files, folders, and shortcuts created by the tools I had you download and run.
 
 

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 
New Topic Post reply to : Need help with an infected computer Printable version of : Need help with an infected computer
 
Forum Information
Currently it is Wednesday, December 03, 2008 7:07 AM (GMT +1)
There are a total of 64.512 posts in 15.910 threads.
In the last 3 days there were 19 new threads and 76 reply posts. View Active Threads
Who's Online
This forum has 27326 registered members. Please welcome our newest member, DooN.
42 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Help with a (win32 trojan gen other) (0)03-12-2008 02:25:45 (finz)
Ok...I'm infected, now what? (24)03-12-2008 02:11:28 (Zalen)
Antivirus disabled/URL Redirect Malware.Wont let me install MALEWAREBYTES (3)03-12-2008 02:08:19 (cgamm)
Trojan Horse Generic 12.KAO (5)03-12-2008 02:01:58 (Taryn)
No Safe Mode, explorer.exe crashes, no internet (0)03-12-2008 00:49:20 (roygbp)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard