Smitfraud-C problem [RESOLVED]


  • This topic is locked

#16
Kris_85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Deckard's System Scanner v20071014.68
Run by Chris on 2008-02-02 05:30:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
12: 2008-02-01 18:24:51 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-02-01 09:26:58 UTC - RP11 - Software Distribution Service 3.0
10: 2008-01-31 23:31:56 UTC - RP10 - Software Distribution Service 3.0
9: 2008-01-31 16:00:31 UTC - RP9 - Software Distribution Service 3.0
8: 2008-01-31 04:04:30 UTC - RP8 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-24 14:51:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:31 AM, on 2/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe


#17
Kris_85

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

#18
Kris_85

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CBF69EB-01E0-4E8A-88C6-07C04E58AE01}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{49FF5949-18B4-4523-937C-9A23971F63B2}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CBF69EB-01E0-4E8A-88C6-07C04E58AE01}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CBF69EB-01E0-4E8A-88C6-07C04E58AE01}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7159 bytes

#19
Kris_85

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080125-033455-423 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20080125-033455-868 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20080202-052341-944 O20 - Winlogon Notify: ivn4reg - C:\WINDOWS\

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&267A616A&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&267A616A&0&05
Service:

#20
Kris_85

-- Files created between 2008-01-02 and 2008-02-02 -----------------------------

2008-01-25 02:41:02 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-25 02:40:58 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-25 02:40:58 0 d-------- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
2008-01-25 02:17:18 0 dr-h----- C:\Documents and Settings\Chris\Recent
2008-01-25 01:47:30 0 d-------- C:\WINDOWS\Prefetch
2008-01-24 14:14:06 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-24 13:57:26 0 d-------- C:\!KillBox
2008-01-24 04:16:55 0 d-------- C:\Documents and Settings\Chris\Application Data\True Sword
2008-01-23 18:31:35 11254 --a------ C:\WINDOWS\system32\locate.com
2008-01-23 01:56:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-22 11:50:14 1158 --a------ C:\WINDOWS\mozver.dat
2008-01-22 11:46:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-22 11:46:31 0 d-------- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-01-22 00:40:37 0 d-------- C:\Program Files\Counter-Strike 1.6
2008-01-21 03:06:57 0 d-------- C:\Documents and Settings\Chris\Application Data\WinPatrol
2008-01-21 03:06:49 0 d-------- C:\Program Files\BillP Studios
2008-01-20 23:30:23 0 d-------- C:\MGtools
2008-01-20 23:25:54 1238674 --a------ C:\MGtools.exe
2008-01-20 21:28:21 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-20 21:28:21 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-20 21:28:21 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-20 21:28:21 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-20 21:28:21 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-20 21:28:21 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-20 21:28:21 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-20 21:28:21 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-20 21:28:21 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-20 21:28:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-20 21:28:21 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-20 21:28:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-20 21:28:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-20 21:28:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-20 20:57:11 0 d-------- C:\WINDOWS\pss
2008-01-20 20:18:44 2230 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-20 14:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 14:38:41 0 d-------- C:\Documents and Settings\Chris\Application Data\Grisoft
2008-01-20 06:27:31 0 d-------- C:\Program Files\Trend Micro
2008-01-19 03:07:41 0 d-------- C:\Program Files\Abexo
2008-01-19 02:58:13 0 dr-h----- C:\$VAULT$.AVG
2008-01-19 02:14:44 0 d-------- C:\Documents and Settings\Chris\Application Data\AVG7
2008-01-19 02:14:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-19 02:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-19 02:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-15 03:41:05 0 d-------- C:\Documents and Settings\Chris\Application Data\RegistrySmart
2008-01-15 03:20:53 0 d-------- C:\Documents and Settings\Chris\Application Data\Uniblue
2008-01-12 15:49:55 0 d-------- C:\WESTWOOD


-- Find3M Report ---------------------------------------------------------------

2008-01-31 15:55:46 0 d-------- C:\Program Files\PartyGaming
2008-01-25 04:54:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 01:51:49 0 d-------- C:\Documents and Settings\Chris\Application Data\Skype
2008-01-25 01:41:00 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-24 15:03:15 0 d-------- C:\Program Files\Gadu-Gadu
2008-01-23 01:56:29 0 d-------- C:\Program Files\Common Files
2008-01-23 00:45:19 0 d-------- C:\Program Files\OzyPoker
2008-01-23 00:44:46 0 d-------- C:\Program Files\Full Tilt Poker.Org
2008-01-22 11:50:18 0 d-------- C:\Documents and Settings\Chris\Application Data\Adobe
2008-01-22 00:38:19 0 d-------- C:\Documents and Settings\Chris\Application Data\Azureus
2008-01-20 14:49:48 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-30 21:56:13 0 d-------- C:\Program Files\Deluxe Ski Jump
2007-12-03 00:25:24 0 d-------- C:\Documents and Settings\Chris\Application Data\Macromedia
2007-12-02 16:09:45 0 d-------- C:\Documents and Settings\Chris\Application Data\Media Player Classic
2007-12-02 16:09:36 0 d-------- C:\Program Files\Real Alternative

Edited by Kris_85, 01 February 2008 - 12:40 PM.


#21
Kris_85

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22 PM]
"nwiz"="nwiz.exe" [22/10/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 03:23 AM]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [01/06/2006 12:26 PM]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [19/06/2006 02:37 PM]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [15/05/2006 04:52 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/01/2008 02:14 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 12:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 11:00 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 03:24 AM]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [31/01/2007 01:58 AM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ebecf46-b281-11db-8c37-0019db204c90}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2008-02-02 05:31:05 ------------

Edited by Kris_85, 01 February 2008 - 12:41 PM.


#22
Kris_85

As you can see, I'm still unable to post it all in one go... strange.

Well, anyway, that was "main.txt"; now I'm posting "extra.txt".


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6400 @ 2.13GHz
CPU 1: Intel® Core™2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1022.36 MiB / 656.3 MiB
Pagefile Memory (total/avail): 2459.7 MiB / 2184.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.2 MiB

C: is Fixed (NTFS) - 298.08 GiB total, 180.96 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glówny"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"

Edited by Kris_85, 01 February 2008 - 12:43 PM.


#23
Kris_85

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS-EEB5F40DC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris
LOGONSERVER=\\CHRIS-EEB5F40DC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
USERDOMAIN=CHRIS-EEB5F40DC
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
windir=C:\WINDOWS

#24
Kris_85

-- User Profiles ---------------------------------------------------------------

Chris (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abexo Free Registry Cleaner --> C:\Program Files\Abexo\afrc\uninst.exe
ACE Mega CoDecS Pack --> "C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Active@ ISO Burner v 1.1 --> C:\PROGRA~1\LSOFTT~1\ACTIVE~1\UNWISE.EXE C:\PROGRA~1\LSOFTT~1\ACTIVE~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Allok MOV Converter 2.2.0 --> "C:\Program Files\Allok MOV Converter\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BabasChess --> MsiExec.exe /I{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}
BigPond Broadband Cable --> MsiExec.exe /X{6DE9C4EE-086C-443E-B75E-429751261B05}
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Close Combat Cross of Iron --> "C:\WINDOWS\Close Combat Cross of Iron\uninstall.exe" "/U:C:\Program Files\Close Combat\Uninstall\uninstall.xml"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike 1.6 --> C:\Program Files\Counter-Strike 1.6\Uninstal.exe
DeepBurner Pro v1.8.0.225 --> "C:\Program Files\Astonsoft\DeepBurner Pro\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner Pro\install.log"
Delta Force - Black Hawk Down --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x9 -uninst
Deluxe Ski Jump 2.1 --> "C:\Program Files\Deluxe Ski Jump\unins000.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DkZ Studio --> MsiExec.exe /I{F656DC79-013A-4683-8692-B938FC00B941}
FIFA 07 --> C:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe
FIFA 08 --> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
Fruity Tracks 2.04 --> C:\PROGRA~1\FRUITY~1\UNWISE.EXE C:\PROGRA~1\FRUITY~1\INSTALL.LOG
FruityLoops v3.4 --> C:\PROGRA~1\FRUITY~1.4\UNWISE.EXE C:\PROGRA~1\FRUITY~1.4\INSTALL.LOG
Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe
Google Earth --> MsiExec.exe /I{374F03BB-9C09-4DB3-9C9B-C71E63292950}
Gra w ciemno 1.0.0.3 --> "C:\Program Files\Gra w ciemno\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

#25
Kris_85

HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Need for Speed™ Carbon --> C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prawo Jazdy 2006 1.0 --> "C:\Program Files\Prawo Jazdy 2006\unins000.exe"
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1045
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe"
Reason --> MsiExec.exe /X{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype 3.2 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SopCast 1.1.1 --> C:\Program Files\SopCast\uninst.exe
Sound Forge 5.0 --> C:\PROGRA~1\SONICF~1\SOUNDF~1.0\UNWISE.EXE C:\PROGRA~1\SONICF~1\SOUNDF~1.0\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TVUPlayer 2.3.0.0 --> C:\Program Files\TVUPlayer\uninst.exe
UltraISO Premium V8.61 --> "C:\Program Files\UltraISO\unins000.exe"
USB2.0 PC Camera (SN9C201&202) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Victor Chandler --> "C:\Poker\Victor Chandler\_SetupCasino[1].exe" /uninstall
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtua Tennis 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -l0x9 -removeonly
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World Series of Poker: TOC --> C:\Program Files\Activision Value\World Series of Poker TOC\Uninstall.exe


#26
Kris_85

-- Application Event Log -------------------------------------------------------

Event Record #/Type9788 / Error
Event Submitted/Written: 02/02/2008 05:25:39 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Event Record #/Type9785 / Error
Event Submitted/Written: 02/02/2008 05:16:12 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a643ac.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type9773 / Success
Event Submitted/Written: 02/01/2008 08:26:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type9768 / Success
Event Submitted/Written: 02/01/2008 06:51:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type9762 / Error
Event Submitted/Written: 01/31/2008 05:37:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x009e43ac.
Processing media-specific event for [services.exe!ws!]

#27
Kris_85

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7269 / Error
Event Submitted/Written: 02/02/2008 05:21:17 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Event Record #/Type7262 / Warning
Event Submitted/Written: 02/02/2008 05:15:32 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7162 / Error
Event Submitted/Written: 02/02/2008 05:11:03 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Event Record #/Type7152 / Warning
Event Submitted/Written: 02/01/2008 08:23:25 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7151 / Warning
Event Submitted/Written: 02/01/2008 08:08:52 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-02-02 05:31:05 ------------

#28
IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Hi Kris,

Not seeing anything else malicious at this point. How is it running?

You need to update Java, make sure to remove all your old versions per the instructions.

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 4.
  • Go to the Sun Java Website
  • Click on the download button next to Java Runtime Environment (JRE) 6 Update 4
  • Select your Operating System and language, then check the box next to I agree to the Java SE Runtime Environment 6 License Agreement and click Continue.
  • Click on the link under Windows Offline Installation and save the downloaded file to your hard disk.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer

~~~~~~~~~~~~~~~~~~~~~~~~~

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Do not automatically generate reports.
  • Under What to scan? - Select Scan every file.
Close all open windows.



Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


We Now Need To Boot Into Safe Mode

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine,
amount of memory, hard drives installed etc (BOOT SCREEN).
At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Run AVG


  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button. This must be done before saving the report.
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.


Restart into normal mode and post the AVG Log and a new HJT Log. Also, how are things now?

#29
Kris_85

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:46:10 PM 3/02/2008

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Skype : Cleaned.
C:\WINDOWS\system32\drivers\asc3550f.sys -> Worm.Nulprot.a : Cleaned with backup (quarantined).


::Report end

#30
Kris_85

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:54 PM, on 3/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
  • 0
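A check that could be run on a follow-up HijackThis log to confirm that no JRE older than the requested 6 Update 4 is still referenced, as the Java instructions in post #28 require. This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical and the sample log is constructed (only the `jre1.6.0_04` line is taken from the posted log).

```python
import re

# Directory name of the release the helper asked for (JRE 6 Update 4),
# as it appears in the posted follow-up log: jre1.6.0_04.
REQUIRED = (1, 6, 0, 4)

# Matches Sun JRE install directories such as \jre1.6.0_04\ or \j2re1.4.2_06\.
JRE_DIR = re.compile(r"\\(?:j2re|jre)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)


def jre_versions(log_text):
    """Return {version_tuple: [log lines that reference that JRE directory]}."""
    found = {}
    for line in log_text.splitlines():
        for m in JRE_DIR.finditer(line):
            # A missing update suffix (e.g. jre1.6.0) counts as update 0.
            version = tuple(int(g or 0) for g in m.groups())
            found.setdefault(version, []).append(line.strip())
    return found


def outdated_jres(log_text, required=REQUIRED):
    """Return the sorted versions older than `required` still seen in the log."""
    return sorted(v for v in jre_versions(log_text) if v < required)


def format_version(v):
    """Render (1, 5, 0, 11) as the directory-style string 1.5.0_11."""
    return "%d.%d.%d_%02d" % v


# Constructed sample. The jre1.6.0_04 line is from the posted log; the two
# older entries are invented here to show what a leftover install looks like.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\java.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
"""

if __name__ == "__main__":
    for old in outdated_jres(SAMPLE_LOG):
        print("Outdated JRE still referenced:", format_version(old))
        for line in jre_versions(SAMPLE_LOG)[old]:
            print("   ", line)
```

A log only lists JREs referenced by running processes or autostart entries, so an empty result does not prove the older versions were uninstalled; Add or Remove Programs remains the authoritative check.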





