Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

kxvo.exe PLEASE HELP [RESOLVED]


  • This topic is locked This topic is locked

#331
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Did the redirects start when you plugged back in your removable hd?

Download GMER from Here :
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
  • 0

Advertisements


#332
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
when i formatted the computer, redirects are not active. after sometime of plugging in my removable hard disk to restore my files, it did occur within the same day. but i am careful not to double click the drive by opening the folders via command prompt or explore function.
  • 0

#333
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-08 20:19:46
Windows 5.1.2600 Service Pack 3


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip6 \Device\Ip6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip6 \Device\RawIp6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip6 \Device\Tcp6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip6 \Device\Udp6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
  • 0

#334
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Because of Windows Auto-run function your computer was reinfected by simply plugging in your removable drive.
No scans show signs of infection.

I want you to run ot Scan it but this time under Additional scan choose select all.
At the top left under basic scans choose Yes under rootkit search.
Above that under drivers choose Non-Microsoft only
then choose run scan.

After that you can either upload the scan here or if it will not fit then you may e-mail it to me.
Thanks.
  • 0

#335
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
yeah! i also presuppose that this functions from the autorun feature after all our procedures. i was doing the rootkit scan and avg happen to detect viruses while the root kit search is going..
  • 0

#336
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
i mailed the log, btw. the virus found is located on temporary system folder named eqiugljr.dll
  • 0

#337
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please insert all of your removeable devices before doing the below.


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

  • 0

#338
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
okay. i will perform these things and post these logs by the soonest time possible...just been busy these days...sorry.
  • 0

#339
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No problem when you can.
  • 0

#340
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
ComboFix 08-09-22.02 - Adrian 2008-09-24 0:22:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.234 [GMT 8:00]
Running from: C:\Documents and Settings\Adrian\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\AutoRun.inf
I:\Knight.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-22 22:30 . 2008-09-22 22:30 <DIR> d-------- C:\Documents and Settings\Adrian\Application Data\Samsung
2008-09-22 22:06 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-09-22 22:04 . 2008-09-23 01:11 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-09-22 22:03 . 2008-09-22 22:05 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-22 22:03 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-09-22 22:03 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-09-22 22:03 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-09-22 22:03 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-09-22 22:03 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-09-22 22:03 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-09-22 22:03 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-09-22 22:02 . 2008-09-22 22:02 <DIR> d-------- C:\Program Files\Samsung
2008-09-22 22:02 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-09-16 22:21 . 2008-09-23 00:28 <DIR> d-------- C:\Documents and Settings\Adrian\Application Data\Apple Computer
2008-09-16 22:21 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-16 22:21 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-16 22:20 . 2008-09-16 22:21 <DIR> d-------- C:\Program Files\iTunes
2008-09-16 22:20 . 2008-09-16 22:20 <DIR> d-------- C:\Program Files\iPod
2008-09-16 22:20 . 2008-09-16 22:20 <DIR> d-------- C:\Program Files\Bonjour
2008-09-16 22:20 . 2008-09-16 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-16 22:19 . 2008-09-16 22:19 <DIR> d-------- C:\Program Files\QuickTime
2008-09-16 22:19 . 2008-09-16 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-16 22:18 . 2008-09-16 22:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-16 22:18 . 2008-09-16 22:18 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-16 22:18 . 2008-09-16 22:18 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-16 22:18 . 2008-09-16 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-08 20:01 . 2008-09-08 20:02 250 --a------ C:\WINDOWS\gmer.ini
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 10:15 . 2008-09-06 10:15 <DIR> d-------- C:\WINDOWS\Sun
2008-09-06 10:04 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-06 10:03 . 2008-09-06 10:04 <DIR> d-------- C:\Program Files\Java
2008-09-06 09:55 . 2008-09-06 09:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-06 09:32 . 2008-09-06 09:32 <DIR> dr-h----- C:\Documents and Settings\Adrian\Application Data\yahoo!
2008-09-06 08:58 . 2008-09-06 08:58 <DIR> d-------- C:\_OTMoveIt
2008-09-05 22:06 . 2008-09-05 22:06 <DIR> d-------- C:\rsit
2008-09-04 23:08 . 2008-09-21 15:12 <DIR> d-------- C:\Program Files\Warcraft III
2008-09-04 20:29 . 2008-09-21 13:24 <DIR> d-------- C:\Program Files\Garena
2008-09-04 20:29 . 2008-09-04 20:29 <DIR> d-------- C:\Documents and Settings\Adrian\Application Data\InstallShield
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-01 20:27 . 2008-09-01 20:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-31 20:50 . 2008-08-31 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-31 18:36 . 2008-08-31 18:36 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-08-31 18:36 . 2008-08-31 18:36 <DIR> d-------- C:\Program Files\Winamp Remote
2008-08-31 18:36 . 2008-08-31 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-08-31 18:36 . 2008-08-31 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-08-31 18:25 . 2008-08-31 18:37 <DIR> d-------- C:\Program Files\Winamp
2008-08-31 18:25 . 2008-08-31 18:26 <DIR> d-------- C:\Documents and Settings\Adrian\Application Data\Winamp
2008-08-31 18:24 . 2004-08-04 13:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-08-31 18:23 . 2008-04-14 08:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-31 18:22 . 2004-08-04 13:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-31 18:21 . 2008-04-14 08:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-25 14:26 . 2008-08-25 14:26 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-25 12:33 . 2008-08-25 12:33 <DIR> d-------- C:\HostsXpert 4.2 - Hosts File Manager
2008-08-24 10:44 . 2008-09-24 00:21 <DIR> d-------- C:\Documents and Settings\Adrian\Application Data\BitTorrent
2008-08-24 10:43 . 2008-08-31 20:12 <DIR> d-------- C:\Program Files\DNA
2008-08-24 10:43 . 2008-08-24 10:43 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-24 10:43 . 2008-08-31 18:32 <DIR> d-------- C:\Documents and Settings\Adrian\Application Data\DNA
2008-08-24 08:52 . 2008-08-24 08:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-08-24 08:49 . 2008-08-24 08:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-24 05:18 . 2008-09-23 21:31 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-24 02:17 . 2008-06-13 19:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-24 02:16 . 2008-06-13 19:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-24 02:14 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-24 02:07 . 2008-04-12 03:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-24 01:57 . 2008-09-04 20:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-24 01:49 . 2008-08-24 01:49 <DIR> d---s---- C:\Documents and Settings\Adrian\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 14:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 10:04 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 01:33 --------- d-----w C:\Documents and Settings\Adrian\Application Data\Ahead
2008-08-19 01:29 --------- d-----w C:\Program Files\Nero
2008-08-19 01:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-19 01:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-19 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-19 01:19 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-19 01:14 --------- d-----w C:\Documents and Settings\Adrian\Application Data\AVGTOOLBAR
2008-08-19 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-19 01:09 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-19 01:09 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-19 01:08 --------- d-----w C:\Program Files\AVG
2008-08-19 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-18 15:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-18 08:07 --------- d-----w C:\Program Files\ChikkaV4
2008-08-18 06:15 --------- d-----w C:\Program Files\Yahoo!
2008-08-18 02:47 --------- d-----w C:\Program Files\Microsoft Encarta
2008-08-18 02:43 --------- d-----w C:\Program Files\eRightSoft
2008-08-18 02:26 --------- d-----w C:\Program Files\Microsoft Works
2008-08-18 02:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-18 02:26 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-18 02:24 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-18 02:17 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-08-18 02:16 --------- d-----w C:\Program Files\ATI Technologies
2008-08-18 02:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 01:03 --------- d-----w C:\Program Files\Realtek
2008-08-18 01:01 --------- d-----w C:\Program Files\AMD
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-17 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-08-16 634160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Adrian^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Adrian\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 08:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-10-21 05:45 871936 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 08:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-10 01:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-04-01 09:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-31 08:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-05-04 15:59 16206848 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-04-24 15:20 1448960 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-19 76040]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 00:24:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-24 0:26:58
ComboFix-quarantined-files.txt 2008-09-23 16:26:37

Pre-Run: 24,842,420,224 bytes free
Post-Run: 24,976,789,504 bytes free

226 --- E O F --- 2008-09-10 12:11:46
  • 0

Advertisements


#341
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:06 AM, on 9/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1219513847656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6886 bytes
  • 0

#342
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
posted are the logs you requested for.sorry for the delay. i had all my removable drives plugged-in during their respective scans.thanks!
  • 0

#343
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great now boot into Safe Mode.
*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then
  • Run HostsXpert 4.2 - Hosts File Manager
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
=========
After that reboot and see if the redirects are present.
  • 0

#344
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
gladly, redirects were not present. however, avg detected some viruses recently. It ws classified as trojan horse backdoor.agent.vcj on a program and system volume information folder..how can we be accurately sure that the computer is clean? thanks a lot!
  • 0

#345
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That is good news can you post me the AVg log?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP