Worm.VB.an, Key logger



#1 Adrean (Member)
Hello guys,

First of all let me thank you in advance for all the help that you've given me already. I've been able to remove a lot of spyware from my computer that I didn't even know existed. So again, thank you.

One of my game accounts was hacked this morning. I was referred to this site by a friend. I believed that a key logger of some kind was on my CPU. But I found a lot more than I bargained for. I followed your instructions as best as I could. I hope you guys can help me with this issue. Thanks in advance for your assistance.


Logfile of HijackThis v1.99.1
Scan saved at 1:47:38 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rion\Desktop\Fraps\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {D2B1F244-6AF6-4007-A6D8-661335A9699D} - C:\WINDOWS\system32\jpbm.dll (file missing)
R3 - URLSearchHook: (no name) - {85E0FE16-3CF1-1455-ACD8-661335A8389E} - C:\WINDOWS\system32\ukns.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {85E0FE16-3CF1-1455-ACD8-661335A8389E} - C:\WINDOWS\system32\ukns.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D2B1F244-6AF6-4007-A6D8-661335A9699D} - C:\WINDOWS\system32\jpbm.dll (file missing)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Monopoly3Setup.exe] C:\DOWNLO~1\MONOPO~1.EXE /r
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Hsiw] "C:\WINDOWS\DOBE~1\mshta.exe" -vt tzt
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark...en/AMClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

ActiveScan

Incident Status Location

Virus:Trj/Wow.DP Disinfected Operating system
Potentially unwanted tool:application/zango Not disinfected c:\windows\downloaded program files\ClientAX.dll
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/whenusearch Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Rion\Cookies\rion@888[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Rion\Cookies\rion@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rion\Cookies\rion@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rion\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Rion\Cookies\rion@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Rion\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Rion\Cookies\rion@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rion\Desktop\Fraps\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rion\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Wow.DP Disinfected C:\ntldr.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1409OinAdmin.exe
Potentially unwanted tool:Application/Seekmo Not disinfected C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
Potentially unwanted tool:Application/Seekmo Not disinfected C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe
Possible Virus. Renamed C:\WINDOWS\system32\s?mbols\__delete_on_reboot__?_h_k_n_t_f_s_._e_x_e_
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\__delete_on_reboot__j_p_b_m_._d_l_l_
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\__delete_on_reboot__u_k_n_s_._d_l_l_
Possible Virus. Renamed C:\WINDOWS\system32\??mantec\__delete_on_reboot__r_?_g_e_d_i_t_._e_x_e_
Possible Virus. Not disinfected C:\WINDOWS\?dobe\__delete_on_reboot__m_s_h_t_a_._e_x_e_

I know you guys are busy. There's no rush; at the moment my account is safe and has been locked. Please help if and when you can.

Edited by Adrean, 24 September 2006 - 06:35 PM.

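The ActiveScan report above shows where the leftovers hide: folders named `?dobe`, `s?mbols` and `??mantec` under C:\WINDOWS and system32, the `?` standing for a character the scanner could not print. In Explorer such a folder looks like Adobe, Symbols or Symantec, and tools that print 8.3 aliases show it as DOBE~1, SMBOLS~1 or MANTEC~1 because the character is dropped when the alias is generated. The Python below is an added example, not part of this thread or of any tool used in it: it walks a directory tree, reports every directory whose name contains a non-ASCII character, what that name looks like in ASCII (through a small homoglyph table), the 8.3 alias to expect in a log, and whether an ASCII twin sits beside it. The demo tree with Cyrillic look-alike letters is constructed for the example, and the 8.3 rule is an approximation that matches the paths seen in this thread.

```python
import os
import tempfile
import unicodedata
from typing import List, Tuple

# Small homoglyph table: Cyrillic and Greek letters that render like Latin ones.
HOMOGLYPHS = str.maketrans({
    "\u0410": "A", "\u0430": "a", "\u0412": "B", "\u0415": "E", "\u0435": "e",
    "\u041a": "K", "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u043e": "o",
    "\u0420": "P", "\u0440": "p", "\u0421": "C", "\u0441": "c", "\u0422": "T",
    "\u0443": "y", "\u0445": "x", "\u0405": "S", "\u0455": "s", "\u0406": "I",
    "\u0456": "i", "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0397": "H",
    "\u0399": "I", "\u039a": "K", "\u039c": "M", "\u039d": "N", "\u039f": "O",
    "\u03a1": "P", "\u03a4": "T", "\u03a7": "X", "\u03bf": "o",
})


def fold_to_ascii(name: str) -> str:
    """What the name looks like: map homoglyphs, strip accents, drop the rest."""
    folded = unicodedata.normalize("NFKD", name.translate(HOMOGLYPHS))
    return folded.encode("ascii", "ignore").decode()


def short_name_hint(name: str) -> str:
    """Approximate the 8.3 alias NTFS generates for a long name: characters it
    cannot represent are dropped, the first six remaining alphanumerics are
    upper-cased and ~1 is appended. Exact only for names without dots or
    spaces, which is enough to match C:\\WINDOWS\\DOBE~1 in a log to ?dobe on disk."""
    kept = "".join(c for c in name if ord(c) < 128 and c.isalnum())
    return kept[:6].upper() + "~1"


def find_lookalikes(root: str) -> List[Tuple[str, str, str, bool]]:
    """Walk root and report every directory whose name contains a non-ASCII
    character as (path, ascii_appearance, expected_8_3_alias, has_ascii_twin).
    has_ascii_twin is True when a sibling directory carries the name the
    look-alike imitates (a real Adobe folder next to the fake one)."""
    hits: List[Tuple[str, str, str, bool]] = []
    for dirpath, dirnames, _ in os.walk(root):
        siblings = {d.lower() for d in dirnames if all(ord(c) < 128 for c in d)}
        for d in dirnames:
            if any(ord(c) > 127 for c in d):
                looks_like = fold_to_ascii(d)
                hits.append((os.path.join(dirpath, d), looks_like,
                             short_name_hint(d), looks_like.lower() in siblings))
    return sorted(hits)


def build_demo_tree() -> str:
    """Constructed tree imitating the folders ActiveScan and ComboFix reported
    above (C:\\WINDOWS\\?dobe, system32\\s?mbols, system32\\??mantec), with
    Cyrillic letters standing in for whatever character the scanner printed as ?."""
    root = tempfile.mkdtemp(prefix="lookalike-")
    for rel in (
        "WINDOWS/Adobe",                          # the real folder
        "WINDOWS/\u0410dobe",                     # Cyrillic A + "dobe"
        "WINDOWS/system32/s\u0443mbols",          # Cyrillic letter that looks like y
        "WINDOWS/system32/\u0405\u0443mantec",    # Cyrillic letters that look like S and y
        "WINDOWS/system32/wbem",
    ):
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    return root


if __name__ == "__main__":
    for path, looks_like, alias, twin in find_lookalikes(build_demo_tree()):
        flag = " (ASCII twin present)" if twin else ""
        print(f"{path}: looks like {looks_like!r}, shows as {alias} in logs{flag}")
```

Run it against the root of a mounted or offline system drive instead of the demo tree to list every such folder; the alias column is what to search for in a HijackThis or ComboFix log to find the Run key or service that launches from it.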

#2 Adrean (Topic Starter)
/bump

#3 Metallica (Spyware Veteran, GeekU Moderator)
That bump was a mistake. :whistling:

Some helpers look for threads with 0 replies.
Just a tip for next time.

Use HijackThis to fix the items below:
R3 - URLSearchHook: (no name) - {D2B1F244-6AF6-4007-A6D8-661335A9699D} - C:\WINDOWS\system32\jpbm.dll (file missing)
R3 - URLSearchHook: (no name) - {85E0FE16-3CF1-1455-ACD8-661335A8389E} - C:\WINDOWS\system32\ukns.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {85E0FE16-3CF1-1455-ACD8-661335A8389E} - C:\WINDOWS\system32\ukns.dll (file missing)

O2 - BHO: (no name) - {D2B1F244-6AF6-4007-A6D8-661335A9699D} - C:\WINDOWS\system32\jpbm.dll (file missing)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll

O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

O4 - HKCU\..\Run: [Monopoly3Setup.exe] C:\DOWNLO~1\MONOPO~1.EXE /r

O4 - HKCU\..\Run: [Hsiw] "C:\WINDOWS\DOBE~1\mshta.exe" -vt tzt

To do so, put a checkmark before the lines and click Fix checked.

Do not reboot yet, but download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Regards,
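The fix list above is the kind of read a helper does by eye over a HijackThis log. As an added example, not part of this thread or of HijackThis itself, the Python below runs the same tells over entries copied from the first log: a registered search hook, BHO or service whose file is gone ("(file missing)" or "(no file)"), a Windows system binary such as mshta.exe started from somewhere other than C:\WINDOWS or system32, and an 8.3 alias like DOBE~1 sitting directly under the Windows directory, which is what a folder named with an unprintable character (the `?dobe` in the ActiveScan report) turns into. The sample log and the list of system binaries are constructed for the example. The output is a prompt for a human, not a verdict: the WmiApSrv "(file missing)" line gets flagged as well, and the helper above left that one alone.

```python
import ntpath
import re
from typing import List, Tuple

# Constructed sample: entries copied from the HijackThis log in the first post,
# plus two clean entries (Java BHO, NVIDIA Run key) for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D2B1F244-6AF6-4007-A6D8-661335A9699D} - C:\WINDOWS\system32\jpbm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {85E0FE16-3CF1-1455-ACD8-661335A8389E} - C:\WINDOWS\system32\ukns.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Hsiw] "C:\WINDOWS\DOBE~1\mshta.exe" -vt tzt
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
"""

# Binaries that ship in %SystemRoot% or %SystemRoot%\system32 on XP; a copy
# that starts from anywhere else (here, a junk folder under C:\WINDOWS) is
# worth a look. Assumed list for the example, not exhaustive.
SYSTEM_BINARIES = {
    "mshta.exe", "regedit.exe", "rundll32.exe", "svchost.exe", "explorer.exe",
    "winlogon.exe", "lsass.exe", "services.exe", "smss.exe", "csrss.exe",
}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
COMPONENT_RE = re.compile(
    r"^(?P<section>R3|O2|O3|O23) - .*? - (?P<path>[A-Za-z]:\\.*?)"
    r"(?: \((?P<note>file missing|no file)\))?$"
)


def command_target(cmd: str) -> str:
    """First token of a Run-key command line, honouring surrounding quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def path_reasons(path: str) -> List[str]:
    """Tells that apply to a file path on its own, whichever entry it came from."""
    reasons: List[str] = []
    low = path.strip().lower()
    base, parent = ntpath.basename(low), ntpath.dirname(low)
    if base in SYSTEM_BINARIES and parent and parent not in SYSTEM_DIRS:
        reasons.append(f"system binary {base} launched from {parent}")
    if "?" in low or any(ord(c) > 127 for c in low):
        reasons.append("unprintable or non-ASCII character in path (look-alike folder)")
    # An 8.3 alias such as DOBE~1 directly under the Windows directory: the real
    # folder name holds a character the alias could not keep (C:\WINDOWS\?dobe
    # in the ActiveScan report). Legitimate aliases like C:\PROGRA~1 are not
    # under these two directories and are left alone.
    parts = low.split("\\")
    for i in range(1, len(parts) - 1):
        prefix = "\\".join(parts[:i])
        if "~" in parts[i] and prefix in SYSTEM_DIRS:
            reasons.append(f"8.3 alias {parts[i]} directly under {prefix}")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (log line, reasons) for every entry that deserves a second look."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: List[str] = []
        run = O4_RE.match(line)
        comp = COMPONENT_RE.match(line)
        if run:
            target = command_target(run.group("cmd"))
            if "\\" in target:          # bare names resolve via PATH; nothing to judge
                reasons += path_reasons(target)
        elif comp:
            if comp.group("note"):
                reasons.append("registered component whose file is gone (orphaned hook)")
            reasons += path_reasons(comp.group("path"))
        elif line.endswith("(no file)"):
            reasons.append("hook registered with no file at all")
        if "(no name)" in line:
            reasons.append("component registered without a name")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Feed it a whole saved log and it returns the subset to read closely; each reason names the tell, so a line with several of them (the Hsiw entry collects both the mshta.exe location and the DOBE~1 alias) rises to the top of the list.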

#4 Adrean (Topic Starter)
Hey Metallica. Thanks for your time. I tried to erase my bump a few days ago when I realized my mistake, but the forum wouldn't let me :whistling:. I did what you asked, but Vundo didn't leave a log behind. Maybe I'm looking in the wrong place. Here is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 7:11:13 AM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rion\Desktop\Fraps\HijackThis.exe
C:\Documents and Settings\Rion\Local Settings\Temporary Internet Files\Content.IE5\0TUZKTI3\VundoFix[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark...en/AMClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

#5 Metallica (Spyware Veteran, GeekU Moderator)
If you double-click "My Computer" and then double-click the icon for the C: drive, you should see a file called vundofix.txt.
If it isn't there let me know.

Something is not right.
But more because there are entries missing that you should have, rather than entries that shouldn't be there (we eliminated those now).

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Regards,

#6 Adrean (Topic Starter)
Ahh, OK. Here's the Vundo file. Also, don't forget that my original post was some time ago, and I've gotten rid of some things to clean up my system. Doing the Blacklight scan now; will post it in a few minutes.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 7:09:08 AM 9/28/2006

Listing files found while scanning....


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 7:10:11 AM 9/28/2006

Listing files found while scanning....

No infected files were found.

No infected files were found.


Beginning removal...

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 7:10:39 AM 9/28/2006

Listing files found while scanning....

No infected files were found.

#7 Adrean (Topic Starter)
Here is the BL scan report.

09/28/06 08:38:17 [Info]: BlackLight Engine 1.0.47 initialized
09/28/06 08:38:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/28/06 08:38:18 [Note]: 7019 4
09/28/06 08:38:18 [Note]: 7005 0
09/28/06 08:38:19 [Note]: 7006 0
09/28/06 08:38:19 [Note]: 7011 376
09/28/06 08:38:19 [Note]: 7026 0
09/28/06 08:38:19 [Note]: 7026 0
09/28/06 08:38:21 [Note]: FSRAW library version 1.7.1020
09/28/06 08:40:09 [Note]: 2000 1012
09/28/06 08:40:09 [Note]: 2000 1012
09/28/06 08:40:09 [Note]: 2000 1012
09/28/06 08:40:09 [Note]: 2000 1012
09/28/06 08:40:09 [Note]: 2000 1012
09/28/06 08:40:09 [Note]: 2000 1012
09/28/06 08:40:34 [Note]: 7007 0

#8 Metallica (Spyware Veteran, GeekU Moderator)
Sigh of relief. No rootkit. :whistling:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

#9 Adrean (Topic Starter)
Wow, that was unsettling. I saw a flash of these two words: INFECTED! DONE! LOL, scary stuff. You're starting to scare me. What are you looking at? Or not looking at?

- 06-09-28 11:42:10.14 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Rion\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1409OinUninstaller.exe
C:\Program Files\winupdates

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\DOBE~1
C:\QooBox\Purity\WINDOWS\DOBE~1\bak
C:\QooBox\Purity\WINDOWS\DOBE~1\?dobe
C:\QooBox\Purity\WINDOWS\system32\MANTEC~1
C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-28 to 2006-09-28 ))))))))))))))))))))))))))))))))))


2006-09-26 21:32 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-09-26 21:32 139,264 --a------ C:\WINDOWS\War3Unin.exe
2006-09-24 11:39 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-09-24 11:39 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-09-18 02:21 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-18 02:13 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6701.sys
2006-09-18 02:13 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-17 00:47 2 --a------ C:\WINDOWS\system32\wintcc.exe
2006-09-15 20:42 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2006-09-15 20:42 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-09-15 20:42 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-09-15 20:42 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2006-09-13 11:06 2,146,304 --------- C:\WINDOWS\UNNMP.exe
2006-09-13 11:04 21,504 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-13 11:03 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-13 11:03 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-13 11:03 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-09-13 11:03 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-09-13 11:03 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-13 11:03 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-09-13 11:03 2,023,424 --------- C:\WINDOWS\UNNeroVision.exe
2006-09-13 11:03 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-13 11:03 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-12 00:09 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-09-12 00:09 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-09-12 00:09 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-28 11:42 -------- d-------- C:\Program Files\Common Files
2006-09-27 00:51 -------- d-------- C:\Program Files\World of Warcraft
2006-09-27 00:40 -------- d-------- C:\Program Files\Warcraft III
2006-09-26 21:36 -------- d-------- C:\Program Files\SpywareBot
2006-09-26 21:36 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-26 21:36 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-26 12:18 -------- d-------- C:\Documents and Settings\Rion\Application Data\AdobeUM
2006-09-26 12:17 -------- d-------- C:\Documents and Settings\Rion\Application Data\Adobe
2006-09-26 12:08 -------- d-------- C:\Program Files\Macro Express3
2006-09-24 13:28 -------- d-------- C:\Program Files\Ventrilo
2006-09-24 13:26 -------- d-------- C:\Program Files\QuickTime
2006-09-24 13:25 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 13:25 -------- d-------- C:\Program Files\Google
2006-09-24 12:14 -------- d-------- C:\Documents and Settings\Rion\Application Data\Lavasoft
2006-09-24 12:13 -------- d-------- C:\Program Files\Lavasoft
2006-09-24 10:38 -------- d-------- C:\Program Files\InterActual
2006-09-21 13:38 -------- d-------- C:\Documents and Settings\Rion\Application Data\Google
2006-09-19 06:17 -------- d-------- C:\Program Files\LimeWire
2006-09-19 01:45 -------- d-------- C:\Program Files\Seekmo Programs
2006-09-18 02:12 -------- d-------- C:\Documents and Settings\Rion\Application Data\uTorrent
2006-09-16 01:25 -------- d-------- C:\Documents and Settings\Rion\Application Data\Ahead
2006-09-15 20:48 -------- d-------- C:\Documents and Settings\Rion\Application Data\Sonic Foundry
2006-09-15 20:48 -------- d-------- C:\Documents and Settings\Rion\Application Data\Publish Providers
2006-09-15 20:48 -------- d-------- C:\Documents and Settings\Rion\Application Data\NetMedia Providers
2006-09-15 20:42 -------- d-------- C:\Program Files\Sonic Foundry
2006-09-15 20:41 -------- d-------- C:\Program Files\Sonic Foundry Setup
2006-09-15 20:09 -------- d-------- C:\Program Files\Java
2006-09-15 20:08 -------- d-------- C:\Program Files\Common Files\Java
2006-09-15 12:50 -------- d-------- C:\Program Files\support.com
2006-09-13 11:05 -------- d-------- C:\Program Files\Ahead
2006-09-13 11:04 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-12 20:57 -------- d-------- C:\Program Files\Winamp
2006-09-03 20:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-03 20:41 -------- d-------- C:\Program Files\Lionhead Studios
2006-09-03 20:39 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-08-27 10:54 -------- d-------- C:\Program Files\Red Storm Entertainment
2006-08-24 10:57 -------- d-------- C:\Program Files\Total War
2006-08-16 17:55 208896 --a--c--- C:\WINDOWS\system32\nvusmb.exe
2006-08-16 17:55 208896 --a--c--- C:\WINDOWS\system32\nvunrm.exe
2006-08-16 17:55 208896 --a--c--- C:\WINDOWS\system32\NVUNINST.EXE
2006-08-16 17:55 208896 --a--c--- C:\WINDOWS\system32\nvuide.exe
2006-08-16 17:55 208896 --a--c--- C:\WINDOWS\system32\nvudisp.exe
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-10 11:17 -------- d-------- C:\Program Files\Windows Media Player
2006-08-03 00:58 -------- d-------- C:\Program Files\Sierra
2006-08-03 00:53 -------- d-------- C:\Program Files\DivX
2006-08-02 09:10 -------- d---s---- C:\Documents and Settings\Rion\Application Data\Microsoft
2006-08-02 08:59 -------- d-------- C:\Program Files\Managed DirectX (0901)
2006-08-01 23:44 -------- d-------- C:\Program Files\Anark
2006-08-01 14:35 -------- d-------- C:\Program Files\3ivx
2006-08-01 00:52 90 --a------ C:\Documents and Settings\Rion\Application Data\torrentspy.ini
2006-08-01 00:05 -------- d-------- C:\Program Files\uTorrent
2006-07-30 13:40 -------- d-------- C:\Program Files\mIRC


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"NBJ"="\"C:\\PROGRA~1\\Ahead\\NEROBA~1\\NBJ.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7"
"Fraps"="C:\\Fraps\\FRAPS.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,60,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Thu 09/28/2006 11:42:32.18
ComboFix.txt

Edited by Adrean, 28 September 2006 - 12:45 PM.

  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Very good. :whistling:

Next step.

Please follow the instructions here:
http://www.geekstogo...orm-t98929.html

Post back with the new HijackThis log.
  • 0

#11
Adrean

Adrean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here ya go

Logfile of HijackThis v1.99.1
Scan saved at 11:46:00 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Fraps\FRAPS.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rion\Desktop\Fraps\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark...en/AMClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
  • 0
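To show what a helper reads off a log like the one above, here is an added example (not code from the thread, from HijackThis or from Geeks to Go) that parses the HijackThis log format into typed entries, lists the O4 autoruns, and prints the review prompts a helper checks first. The sample lines are copied from the log above; the allowlist of standard directories is a constructed assumption for this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Fraps\FRAPS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O20 - AppInit_DLLs:
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")  # constructed allowlist (assumption)


def parse_log(text):
    """Split a log into its running-process list and its typed entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif (m := ENTRY_RE.match(line)):
            entries.append({"code": m["code"], "body": m["body"]})
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def autoruns(parsed):
    """(hive, key, name, command) for every O4 registry Run entry."""
    out = []
    for e in parsed["entries"]:
        m = O4_RE.match(e["body"]) if e["code"] == "O4" else None
        if m:
            out.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return out


def launched_path(cmd):
    """Lower-cased path an autorun loads, unwrapping quotes and rundll32."""
    cmd = cmd.strip().lstrip('"').lower()
    return cmd[len("rundll32.exe "):] if cmd.startswith("rundll32.exe ") else cmd


def triage(parsed):
    """Review prompts for a human, in log order; these are not verdicts."""
    flags = []
    for e in parsed["entries"]:
        code, body = e["code"], e["body"]
        if code == "O4" and (m := O4_RE.match(body)):
            # Bare names resolve via PATH; unusual directories hide droppers.
            if not launched_path(m["cmd"]).startswith(STANDARD_DIRS):
                flags.append(f"O4 [{m['name']}] outside standard dirs: {m['cmd']}")
        elif code == "O20" and body.startswith("AppInit_DLLs:") and body != "AppInit_DLLs:":
            flags.append(f"O20 {body}")  # a set AppInit_DLLs loads into every GUI process
        elif code == "O23" and (m := O23_RE.match(body)):
            if "(file missing)" in m["path"]:
                flags.append(f"O23 {m['display']}: binary missing (stale or removed)")
            elif m["owner"] == "Unknown owner":
                flags.append(f"O23 {m['display']}: no publisher recorded")
    return flags
```

Run `triage(parse_log(open("hijackthis.log").read()))` against a real log; the O23 entry with "(file missing)" in the thread's log is exactly the kind of stale service the helper later judged harmless, so the flags are reading prompts rather than removal orders.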

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. Very good. One more scan to check if anything is lurking.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Regards,
  • 0

#13
Adrean

Adrean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Scanning now....

So far 8 spyware and 3 hacking tools. Not good. :whistling:

1 virus detected and 1 disinfected. O.o I'm worse off than I thought.

5 hacking tools now.. should I just reformat my hard drive? lol

Edited by Adrean, 29 September 2006 - 01:50 AM.

  • 0

#14
Adrean

Adrean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here's the report. After all that I don't see anything wrong. But that's why I'm here. :whistling:

Incident Status Location

Potentially unwanted tool:application/zango Not disinfected c:\windows\downloaded program files\ClientAX.dll
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/whenusearch Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Rion\Cookies\rion@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rion\Cookies\rion@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rion\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Rion\Cookies\rion@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rion\Desktop\Fraps\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rion\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Lowzones.SV Disinfected C:\Program Files\DAEMON Tools\__delete_on_reboot__d_a_e_m_o_n_._e_x_e_
Potentially unwanted tool:Application/Seekmo Not disinfected C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
Potentially unwanted tool:Application/Seekmo Not disinfected C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe
  • 0

#15
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you delete this folder:

C:\Program Files\Seekmo Programs

Then copy the part in the code box below into Notepad and save it as zango.bfu in the same folder as BFU.exe and alcanshorty.bfu

## igetnetfreepod.BFU By Lonny with help of several friends
## This script is for 9x and XP and 2K systems
## For xp and 2k i suggest using Ewido
## On occasion bfu will freeze on some systems when doing filedeleteIF commands
## If that happens Please mention that to me via a forum PM.
## Fix all visible items with hijackthis, bfu cannot target all the random O4's
## updated 11/19/2005
OptionUseRecycleBin
OptionOnDeleteFailUseReboot
OptionPauseBetweenCmds 100
SystemEmptyInternetCache

SystemMsgBox Please close all browsers and any open folders\nThen click ok to continue.

OptionStatusOn
OptionSetStatus Working....
ProcessKill \cmd.exe|1
ProcessKill \gui.exe|1
ProcessKillIfContainsText \services.exe|Projects\services32\Release\services32.pdb|1
ProcessKill \services32.exe|1
ProcessKillIfContainsText \*.exe|MediaGateway.exe|1
ProcessKillIfContainsText \*.exe|ide21201.vxd|1
ProcessKillIfContainsText \*.exe|public.zangocash.com|1
ProcessKillIfContainsText \*.exe|180search|1
ProcessKill \AutoIt3.exe|1
ProcessKill \stubSafull.exe|1
ProcessKill \webhost2.exe|1
ProcessKill \MediaGateway.exe|1
ProcessKill \zango.exe|1
ProcessKill \ACTX1.exe|1
ProcessKill \ZQACTX1.exe|1

OptionSetStatus Searching please wait

FileDeleteIfContainsText %PROGRAMFILES%\Common Files\*.*|jonbennett Exp
##Include at later date FileDeleteIfContainsText %SYSDIR%\*.exe|jonbennett Exp
FileDeleteIfContainsText %PROGRAMFILES%\Common Files\Windows\*.*|jonbennett Exp
FileDeleteIfContainsText %PROGRAMFILES%\Common Files\Download\*.*|jonbennett Exp
FileDeleteIfContainsText %WINDIR%\*.exe|180solutions.com

FileDeleteIfContainsText %PROGRAMFILES%\Common Files\*.*|CrackUrlHFtp
FileDeleteIfContainsText %SYSDIR%\*.exe|CrackUrlHFtp
FileDeleteIfContainsText %PROGRAMFILES%\Common Files\Windows\*.*|CrackUrlHFtp
FileDeleteIfContainsText %PROGRAMFILES%\Common Files\Download\*.*|CrackUrlHFtp

RegDeleteKey HKCU\Software\Director
RegDeleteKey HKCU\Software\DNS
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2296428D-C133-4928-B76A-A200FF409572}
RegDeleteKey HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
RegDeleteKey HKCR\IECatcher.IEWebCatcher
RegDeleteKey HKCR\IECatcher.IEWebCatcher.1
RegDeleteKey HKCR\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C}
RegDeleteKey HKCR\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}
RegDeleteKey HKCR\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}
RegDeleteKey HKCU\Software\180sa
RegDeleteKey HKCR\AppID\{65F2040F-8FD9-4796-9F47-26F41EF073AA}
RegDeleteKey HKCR\AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
RegDeleteKey HKCR\AppID\MediaGateway.EXE
RegDeleteKey HKCR\AppID\Toolbar.DLL
RegDeleteKey HKCR\AppID\{F1F040D5-E8F8-4680-B101-9334E9773841}
RegDeleteKey HKCR\AppID\ZangoToolbar.DLL
RegDeleteKey HKCR\ClientAX.ClientInstaller
RegDeleteKey HKCR\ClientAX.ClientInstaller.1
RegDeleteKey HKCR\ClientAX.RequiredComponent
RegDeleteKey HKCR\ClientAX.RequiredComponent.1
RegDeleteKey HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
RegDeleteKey HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
RegDeleteKey HKCR\CLSID\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
RegDeleteKey HKCR\CLSID\{93CECBB2-6B1B-448D-91B9-72604EF70105}
RegDeleteKey HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
RegDeleteKey HKCR\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}
RegDeleteKey HKCR\CLSID\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
RegDeleteKey HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}
RegDeleteKey HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}
RegDeleteKey HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
RegDeleteKey HKCR\Interface\{7B178417-3CDA-444F-94FF-312C0A3A78A8}
RegDeleteKey HKCR\Interface\{91F8F7D4-F3AF-4C3D-AF2D-4E2A7DDBAEFE}
RegDeleteKey HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
RegDeleteKey HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
RegDeleteKey HKCR\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C}
RegDeleteKey HKCR\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}
RegDeleteKey HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}
RegDeleteKey HKCR\MediaGatewayX.Installer
RegDeleteKey HKLM\SOFTWARE\Media Gateway
RegDeleteKey HKCR\MediaGateway.Installer
RegDeleteKey HKCR\ncmyb.SABHO
RegDeleteKey HKCR\ncmyb.SABHO.1
RegDeleteKey HKCR\Toolbar.ToolBand180
RegDeleteKey HKCR\Toolbar.ToolBand180.1
RegDeleteKey HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
RegDeleteKey HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
RegDeleteKey HKCR\TypeLib\{68BF4626-D66B-4383-A6AF-62E57E9B6CD4}
RegDeleteKey HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}
RegDeleteKey HKLM\SOFTWARE\180sa
RegDeleteKey HKLM\SOFTWARE\180search Assistant Programs
RegDeleteKey HKLM\HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Gateway
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}
RegDeleteKey HKCU\Software\CPGH2
RegDeleteKey HKCU\Software\zango
RegDeleteKey HKCR\ZangoToolbar.ZCToolBand
RegDeleteKey HKCR\ZangoToolbar.ZCToolBand.1
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango Toolbar
RegDeleteKey HKLM\SOFTWARE\zango
RegDeleteKey HKLM\SOFTWARE\Zango Programs
RegDeleteKey HKLM\Software\Microsoft\Internet Explorer\Extensions\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}

RegDeleteKey HKCU\Software\XBTB07618
RegDeleteKey HKCR\CLSID\{2296428D-C133-4928-B76A-A200FF409572}
RegDeleteKey HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
RegDeleteKey HKCR\ToolBand.XBTP07618
RegDeleteKey HKCR\ToolBand.XBTP07618.1
RegDeleteKey HKCR\TypeLib\{5279231E-FABE-4ABF-83A8-7C7E17E3CE1A}
RegDeleteKey HKCR\XBTB07618.IEToolbar
RegDeleteKey HKCR\XBTB07618.IEToolbar.1
RegDeleteKey HKCR\XBTB07618.XBTB07618
RegDeleteKey HKCR\XBTB07618.XBTB07618.1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\XBTB07618.XBTB07618Toolbar

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15589FA1-C456-11CE-BF01-00AA0055595A}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{26098EA2-C95D-48EA-89B4-63C5A63BD42F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}

RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|zango
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|zango
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|services32
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DNS
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|services32
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DNS
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ms059146110222
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Media Gateway
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|180sa
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations|LowRiskFileTypes
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations|LowRiskFileTypes
RegDelValue HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EA0D26BD-9029-431A-86E0-83152D67828A}
RegDelValue HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
RegDelValue HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
RegDelValue HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61}
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ACTX1
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ZQHelper
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mc-110-12-0000122.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FreeprodTB


RegSetDwordValue HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN|iexplore.exe|1
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN|iexplore.exe|1


FileDelete %PROGRAMFILES%\Common Files\InetGet2\mc-58-12-0000140.exe 
FileDelete %PROGRAMFILES%\Common Files\services.exe
FileDelete %PROGRAMFILES%\Common Files\system32.dll
FileDelete %PROGRAMFILES%\Common Files\Windows\ack.html
FileDelete %PROGRAMFILES%\Common Files\Windows\request.html
FileDelete %PROGRAMFILES%\Common Files\Windows\ack.html
FileDelete %PROGRAMFILES%\Common Files\Windows\AutoIt3.exe
FileDelete %PROGRAMFILES%\Common Files\Windows\services32.exe
FileDelete %PROGRAMFILES%\Common Files\Windows\mc-110-12-0000228.exe
FileDelete %PROGRAMFILES%\Common Files\Windows\mc-110-12-0000137.exe 
FileDelete %PROGRAMFILES%\Common Files\Windows\mc-110-12-0000190.exe 

FileDelete %PROGRAMFILES%\Common Files\Download\freeprodtb.exe

FileDelete %windir%\Downloaded Program Files\ClientAX.dll
FileDelete %windir%\Downloaded Program Files\clientax.inf
FileDelete %SYSDIR%\ide21201.vxd
FileDelete %SYSDIR%\exclean.exe 
FileDelete %SYSDIR%\scvhost.exe
FileDelete %PROGRAMFILES%\InetGet2\stub_109_4_0_4_0.exe 
FileDelete %PROGRAMFILES%\InetGet2\mc-58-12-0000140.exe 
FileDelete %PROGRAMFILES%\Media Gateway\MediaGateway.exe
FileDelete %PROGRAMFILES%\zango\zango.exe
FileDelete %PROGRAMFILES%\zango\*.*
FileDelete %PROGRAMFILES%\FREEPROD TOOLBAR\FREEPROD.DLL
FileDelete %SYSDIR%\ACTX1.exe
FileDelete %SYSDIR%\ZQACTX1.exe
FileDelete %SYSDIR%\mc-110-12-0000122.exe

FileDelete %PROGRAMFILES%\dns\affid.dat
FileDelete %PROGRAMFILES%\dns\cwebpage.dll
FileDelete %PROGRAMFILES%\dns\x.bmp
FileDelete %PROGRAMFILES%\dns\gui.exe
FileDelete %PROGRAMFILES%\dns\catcher.dll
FileDelete %PROGRAMFILES%\dns\uid.dat
FileDelete %PROGRAMFILES%\dns\urls.dat 

FileDelete %PROGRAMFILES%\Maxifiles\basis.xml
FileDelete %PROGRAMFILES%\Maxifiles\maxifiles.dll
FileDelete %PROGRAMFILES%\Maxifiles\nav.bmp
FileDelete %PROGRAMFILES%\Maxifiles\toolbar.crc
FileDelete %PROGRAMFILES%\Maxifiles\version.txt 

FileDelete %SYSTEMDRIVE%\mc-58-12-0000140.exe
FileDelete %SYSTEMDRIVE%\StubInstaller.exe
FileDelete %SYSTEMDRIVE%\services.exe 
FileDelete %SYSTEMDRIVE%\StubInstaller.exe

FolderDelete %ALLUSERSPROGRAMS%\180search Assistant
FolderDelete %PROGRAMFILES%\Network
FolderDelete %PROGRAMFILES%\DNS
FolderDelete %PROGRAMFILES%\Common Files\InetGet2
FolderDelete %PROGRAMFILES%\Common Files\InetGet
FolderDelete %PROGRAMFILES%\InetGet2
FolderDelete %PROGRAMFILES%\InetGet
FolderDelete %PROGRAMFILES%\180search Assistant Programs
FolderDelete %PROGRAMFILES%\180search assistant
FolderDelete %PROGRAMFILES%\Media Gateway
FolderDelete %ALLUSERSPROGRAMS%\Zango
FolderDelete %PROGRAMFILES%\Zango
FolderDelete %PROGRAMFILES%\Zango Programs
FolderDelete %PROGRAMFILES%\FREEPROD TOOLBAR\Cache
FolderDelete %PROGRAMFILES%\FREEPROD TOOLBAR


OptionPauseBetweenCmds 10
SystemRestartIfNeeded Please restart your PC|0
SystemMsgBox Finished
OptionRunSilent

Run bfu by doubleclicking BFU.exe
Behind the "Scriptline to execute" field, click the folder icon and select zango.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Regards,
  • 0