I can't install an antivirus and some programs [Solved]


  • This topic is locked

#16 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yep, something has come back, different to the one you had before. What was the FTP programme download?

OK, I am going to use an AV to look at this.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

#17 Gasol (Member, Topic Starter, 153 posts)
When I double-click the link you gave me, the browser page closes itself!!!
It doesn't work in IE or Mozilla, nor with the "save target as" method!
What on Earth was that?

I did some work for a newspaper and sent it (text and pictures) via FTP, no programs or anything like that...

Edited by Gasol, 31 January 2009 - 02:21 PM.

#18 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
The problem with ComboFix is cleared now - it was just an update problem, so let's get a fresh version whilst I await replies.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#19 Gasol (Member, Topic Starter, 153 posts)
ComboFix 09-01-31.01 - Bogdanian 2009-01-31 23:44:42.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.656 [GMT 2:00]
Running from: c:\documents and settings\Bogdanian\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-31 23:22 . 2009-01-31 23:22 <DIR> d-------- C:\10853
2009-01-31 22:49 . 2009-01-31 22:49 <DIR> d-------- C:\4234
2009-01-31 22:45 . 2009-01-31 22:45 <DIR> d-------- C:\3440
2009-01-31 01:58 . 2009-01-31 01:58 <DIR> d-------- C:\_OTScanIt
2009-01-31 01:04 . 2009-01-31 01:04 217,088 --a------ C:\zip.exe
2009-01-31 01:04 . 2009-01-31 01:04 19,286 --a------ C:\cleanup.exe
2009-01-31 01:04 . 2009-01-31 01:04 1,297 --a------ C:\backup.reg
2009-01-31 01:04 . 2009-01-31 01:04 574 --a------ C:\cleanup.bat
2009-01-29 23:34 . 2009-01-29 23:34 4,408,452 --a------ C:\SPMT.rar
2009-01-23 20:42 . 2009-01-23 20:53 <DIR> d-------- C:\Vladu - materiale finale, corectate
2009-01-23 20:09 . 2009-01-23 20:41 156,672 --a------ C:\Revista - Vladu - corectat, TOT.doc
2009-01-23 19:49 . 2009-01-20 22:03 565,756 --a------ C:\Virgil GEORGESCU jr..jpg
2009-01-23 19:48 . 2009-01-23 19:48 1,560,614 --a------ C:\DSC_0185.JPG
2009-01-23 19:46 . 2006-03-07 19:50 421,157 --a------ C:\DSC09990.JPG
2009-01-23 01:02 . 2009-01-03 05:00 257,895 --a------ C:\screenshot.png
2009-01-23 01:00 . 2009-01-03 04:07 734,789,316 --a------ C:\HIM-Rockpalast.2000.DVBRip.x264.HIMMANIA.mkv
2009-01-23 01:00 . 2009-01-03 05:00 260,068 --a------ C:\screens-thumbs.jpg
2009-01-16 10:35 . 2009-01-16 10:37 54,530 --a------ C:\DSCF3572.jpg
2009-01-14 17:09 . 2009-01-14 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winter Sports 2009
2009-01-01 02:10 . 2009-01-01 02:11 <DIR> d-------- c:\windows\NV20842420.TMP
2009-01-01 02:09 . 2009-01-01 02:09 <DIR> d-------- C:\NVIDIA
2009-01-01 02:06 . 2009-01-01 02:06 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-01 01:36 . 2009-01-01 01:36 <DIR> d-------- c:\windows\Logs
2008-12-31 03:21 . 2008-12-31 03:21 <DIR> d-------- C:\2000
2008-12-26 17:20 . 2008-12-26 17:20 <DIR> d-------- c:\program files\Common Files\EasyInfo
2008-12-16 03:22 . 2008-12-17 18:43 <DIR> d-------- C:\CM
2008-12-14 21:10 . 2008-12-14 21:13 <DIR> d-------- c:\documents and settings\Bogdanian\Application Data\GrabIt
2008-12-02 16:19 . 2009-01-30 00:03 <DIR> d-------- c:\program files\Eset

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 12:38 --------- d-----w c:\program files\SpywareBlaster
2009-01-29 21:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-29 21:41 --------- d-----w c:\program files\SPMT
2009-01-29 21:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 21:32 --------- d-----w c:\program files\NoAdware5.0
2009-01-29 19:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-21 10:07 --------- d-----w c:\documents and settings\Bogdanian\Application Data\PlayFirst
2009-01-15 10:41 --------- d-----w c:\program files\Common Files\Adobe
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 22:25 --------- d-----w c:\program files\oDC
2009-01-07 00:59 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2009-01-05 10:54 --------- d-----w c:\program files\Java
2009-01-02 19:54 --------- d-----w c:\documents and settings\Bogdanian\Application Data\mIRC
2009-01-02 19:01 --------- d-----w c:\program files\mIRC
2008-12-31 23:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 16:18 --------- d-----w c:\documents and settings\Bogdanian\Application Data\dvdcss
2008-12-20 19:27 --------- d-----w c:\program files\Winamp
2008-12-20 19:27 --------- d-----w c:\program files\LHM2006
2008-12-20 19:27 --------- d-----w c:\program files\LHM2003-2004
2008-12-20 19:27 --------- d-----w c:\program files\DVD Photo Slideshow Professional
2008-12-20 19:27 --------- d-----w c:\program files\Batch Watermark Creator
2008-12-20 19:27 --------- d-----w c:\program files\Astral Masters
2008-12-02 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-03-14 19:56 22,328 ----a-w c:\documents and settings\Bogdanian\Application Data\PnkBstrK.sys
2008-02-23 19:47 560 ----a-w c:\program files\Global.sw
2004-10-01 13:00 110,592 ----a-w c:\program files\Uninstall_CDS.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-10-24 4732408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-05 253368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 1003520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 135168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 163840]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 102400]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-11-02 1397760]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 135260]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 159744]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 214424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 113520]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

c:\documents and settings\Bogdanian\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 187392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"MSVideo"= CSvidcap.dll
"vidc.dvsd"= pdvcodec.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.mjpg"= mcmjpg32.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Marvel game\\Marvel Vs\\MarvelVs.exe"=
"e:\\motogp2\\motogp2.exe"=
"e:\\Warcraft III- Reign of Chaos & Frozen Throne\\warcraft iii\\Warcraft III.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"g:\\BitLord\\BitLord.exe"=
"c:\\Program Files\\oDC\\oDC.exe"=
"g:\\CrySis Game\\Bin32\\Crysis.exe"=
"g:\\CrySis Game\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\TV_View_Plugin_4.7.ocx"=
"e:\\Guitar Hero 3\\GH3.exe"=
"c:\\Program Files\\oDC\\StrongDC.exe"=
"d:\\ZOMBIESS\\System\\LOTD.exe"=
"g:\\Far2\\Far Cry 2\\bin\\FarCry2.exe"=
"g:\\Far2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"g:\\Far2\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"d:\\Games-kitturi\\FIFA2007\\fifa07.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\notepad.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\Creative\\Shared Files\\CTSched.exe"=
"c:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=
"c:\\WINDOWS\\system32\\CF14749.exe"=

R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\gnhhmu.sys --> c:\windows\system32\drivers\gnhhmu.sys [?]
R4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-11-15 2560]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys --> c:\windows\system32\drivers\nod32drv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\Bogdanian\Application Data\Mozilla\Firefox\Profiles\8r9j2g21.default\
FF - plugin: c:\documents and settings\Bogdanian\Application Data\Mozilla\plugins\npPxPlay.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 23:47:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:ae,73,3f,fd,2b,83,eb,67,f2,93,90,8f,76,ae,d1,e9,96,73,d7,92,15,c0,66,
82,55,81,f1,8f,d8,ad,02,60,ee,7e,c3,37,11,d9,b4,42,f8,9d,1e,81,3f,79,76,02,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,90,4c,ec,d6,92,e1,28,ba,e5,5d,0d,25,ef,fb,b7,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:8a,86,86,9a,b4,43,5e,10
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-01-31 23:51:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-31 21:51:01
ComboFix2.txt 2009-01-30 20:27:59

Pre-Run: 2,764,701,696 bytes free
Post-Run: 2,783,842,304 bytes free

259 --- E O F --- 2008-06-27 22:52:18


PS: At the beginning, ComboFix revealed an error [see the attachment]; I chose the CONTINUE button, and then ComboFix began to complete the stages normally.

Attached Thumbnails

  • eroare_combo.jpg

#20 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I need to look deeper, as I had removed the driver and service - ComboFix confirmed that, yet it was regenerated before the end of the scan.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Rootkit::
c:\windows\system32\drivers\gnhhmu.sys

Folder::
C:\10853
C:\4234
C:\3440

Driver::
asc3360pr

3. Then, in the text file, go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation]

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Also, I notice some JPGs on your system; did you put them there?

C:\screens-thumbs.jpg
C:\DSCF3572.jpg
C:\Virgil GEORGESCU jr..jpg
C:\DSC_0185.JPG

THEN

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the [image] icon to insert the attachment into your post

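Added example (my code, not ComboFix's and not the moderator's): a Python triage of the ComboFix.txt posted in #19 that ends by rendering the findings in the CFScript directive format the moderator uses in #20 (KillAll::, Rootkit::, Folder::, Driver::). It keys on what actually matters in that log: a driver entry that is running (R3) but whose file ComboFix could not read (the trailing [?]), corroborated by the kernel's *NewlyCreated* entry for the same service; digit-only folders in the drive root created on the day of the scan; the SafeBoot damage notice; and the two Security Center ...DisableNotify values set to 1, which silence the antivirus and Windows Update warnings. The stopped nod32drv entry also carries [?], but a stopped driver with a missing file next to a leftover c:\program files\Eset folder is a stale registration, so the script reports it and keeps it out of Rootkit::. The sample input is an excerpt of the log above; the regular expressions, the one-day window and the corroboration rule are my own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date

# Constructed sample input: lines copied from the ComboFix.txt posted in #19.
# The real log has hundreds of other lines, which the parser simply ignores.
SAMPLE_LOG = r"""
ComboFix 09-01-31.01 - Bogdanian 2009-01-31 23:44:42.9 - NTFSx86
2009-01-31 23:22 . 2009-01-31 23:22 <DIR> d-------- C:\10853
2009-01-31 22:49 . 2009-01-31 22:49 <DIR> d-------- C:\4234
2009-01-31 22:45 . 2009-01-31 22:45 <DIR> d-------- C:\3440
2009-01-31 01:58 . 2009-01-31 01:58 <DIR> d-------- C:\_OTScanIt
2008-12-31 03:21 . 2008-12-31 03:21 <DIR> d-------- C:\2000
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\gnhhmu.sys --> c:\windows\system32\drivers\gnhhmu.sys [?]
R4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-11-15 2560]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys --> c:\windows\system32\drivers\nod32drv.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASC3360PR
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}")
# "created . modified <DIR> attrs path" lines of the "Files Created" section
DIR_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2} \. \S+ \S+\s+<DIR>\s+\S+\s+(.+?)\s*$")
NUMERIC_ROOT_RE = re.compile(r"^[A-Za-z]:\\\d+$")
# "R3 name;display;path [meta]": R = running, S = stopped; meta "?" means
# ComboFix could not stat the file (missing, or hidden from the Win32 API)
DRIVER_RE = re.compile(r"^([RS])\d\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]\s*$")
NEWLY_CREATED_RE = re.compile(r"^\*NewlyCreated\* - (\S+)")
NOTIFY_RE = re.compile(r'^"(\w+DisableNotify)"=dword:0*1$')


@dataclass
class Findings:
    scan_date: date | None = None
    running_unreadable: dict[str, str] = field(default_factory=dict)  # name -> file
    stopped_unreadable: dict[str, str] = field(default_factory=dict)
    newly_created: set[str] = field(default_factory=set)
    recent_numeric_dirs: list[str] = field(default_factory=list)
    safeboot_damaged: bool = False
    notify_disabled: list[str] = field(default_factory=list)

    def corroborated_drivers(self) -> dict[str, str]:
        """Running, file unreadable, and reported by the kernel as newly
        created: the combination that singles out gnhhmu.sys in this log."""
        return {n: p for n, p in self.running_unreadable.items()
                if n.upper() in self.newly_created}


def triage(log: str, recent_days: int = 1) -> Findings:
    f = Findings()
    numeric_dirs: list[tuple[date, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            f.scan_date = date(*map(int, m.groups()))
        elif m := DIR_RE.match(line):
            y, mo, d, path = m.groups()
            if NUMERIC_ROOT_RE.match(path):
                numeric_dirs.append((date(int(y), int(mo), int(d)), path))
        elif m := DRIVER_RE.match(line):
            state, name, path, meta = m.groups()
            if meta.strip() == "?":
                bucket = f.running_unreadable if state == "R" else f.stopped_unreadable
                bucket[name] = path.split(" --> ")[-1]  # keep the resolved path
        elif m := NEWLY_CREATED_RE.match(line):
            f.newly_created.add(m.group(1).upper())
        elif m := NOTIFY_RE.match(line):
            f.notify_disabled.append(m.group(1))
        elif line.startswith("SafeBoot registry key needs repairs"):
            f.safeboot_damaged = True
    # Assumption: a digit-only folder in a drive root created within
    # `recent_days` of the scan is a dropper artefact; C:\2000 from a month
    # earlier is left alone.
    if f.scan_date is not None:
        f.recent_numeric_dirs = [p for made, p in numeric_dirs
                                 if 0 <= (f.scan_date - made).days <= recent_days]
    return f


def build_cfscript(f: Findings) -> str:
    """Render the corroborated findings in the CFScript directive format of #20.
    A stopped driver whose file is missing (nod32drv, beside the leftover
    c:\\program files\\Eset) is a stale registration, not a rootkit: reported
    by triage(), deliberately kept out of Rootkit:: and Driver::."""
    drivers = f.corroborated_drivers()
    sections = ["KillAll::"]
    if drivers:
        sections.append("Rootkit::\n" + "\n".join(drivers.values()))
    if f.recent_numeric_dirs:
        sections.append("Folder::\n" + "\n".join(f.recent_numeric_dirs))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(sections) + "\n"
```

Running triage(SAMPLE_LOG) and build_cfscript() on the excerpt yields the same Rootkit::, Folder:: and Driver:: entries the moderator wrote by hand. The corroboration rule is what stops a triage script from turning every [?] into a kernel-level deletion: ComboFix prints [?] for anything it cannot stat, and an uninstalled product's orphaned driver entry looks identical to a hidden rootkit file until you check whether it is actually loaded.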

#21 Gasol (Member, Topic Starter, 153 posts)
ComboFix was blocked, I think; I waited one hour, and nothing happened... something like in the case with that... "percentage", you know...
I restarted the PC, and I skipped the steps you told me in your last reply...
What can I do? Make another scan, or try the figure with ComboFix again?!

Later edit: yes, I put those pictures in the C location.

Edited by Gasol, 31 January 2009 - 05:04 PM.

#22 Gasol (Member, Topic Starter, 153 posts)
I'm sorry for making two consecutive posts, but I think my clock settings didn't change back after I restarted the PC... It is important to get back to my settings because of the work I was doing, and now I can't open it...
#23 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Did you run RootRepeal?

To reset the time, just double-click the time in the task bar and you will be able to reset it from there.
#24 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Or you could try Dr.Web from this link: http://www.snapfiles...get/cureit.html
#25 Gasol (Member, Topic Starter, 153 posts)
Oh... I thought you went to bed or something... Here it is 1:39 AM, and I'm tired like [bleep]...
I ran ComboFix again and... the clock is normal, my project works again.

No, I didn't run RootRepeal. Can I do it now? Or maybe tomorrow; I'm very tired and upset. I know you have a lot of "hammers" in your hands; do you think we will win again?
#26 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
To be honest, I do not like being beaten by malware.

Run RootRepeal when you feel up to it. Also, could you try the new link for Dr.Web? Although it is an archived version, it should work.
#27 Gasol (Member, Topic Starter, 153 posts)
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF740C000 Size: 98304 File Visible: No
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF202F000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A6F000 Size: 8192 File Visible: No
Status: -

Name: gnhhmu.sys
Image Path: C:\WINDOWS\system32\drivers\gnhhmu.sys
Address: 0xF7AA1000 Size: 5024 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA43B000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

Path: D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

Path: E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

Path: F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

Path: G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "d347bus.sys" at address 0xf74b5818

#: 041 Function Name: NtCreateKey
Status: Hooked by "d347bus.sys" at address 0xf74b57d0

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "d347bus.sys" at address 0xf74a9a20

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "d347bus.sys" at address 0xf74aa2a8

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "d347bus.sys" at address 0xf74b5910

#: 119 Function Name: NtOpenKey
Status: Hooked by "d347bus.sys" at address 0xf74b5794

#: 160 Function Name: NtQueryKey
Status: Hooked by "d347bus.sys" at address 0xf74aa2c8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "d347bus.sys" at address 0xf74b5866

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "d347bus.sys" at address 0xf74b50b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f2f710 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86d06d50 Size: -

Object: Hidden Code [Driver: InCDrec, IRP_MJ_READ]
Process: System Address: 0x86148af0 Size: -

Object: Hidden Code [Driver: Udfsࠅఉ瑎捦܉@考, IRP_MJ_READ]
Process: System Address: 0x86d6e220 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x86abd6c8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86aa9a10 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]
Process: System Address: 0x86a9e228 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x85ce4150 Size: -

Object: Hidden Code [Driver: InCDfs, IRP_MJ_READ]
Process: System Address: 0x864b79f0 Size: -

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x869fab68 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86136340 Size: -

Object: Hidden Code [Driver: NpfsЅఐ卆浩, IRP_MJ_READ]
Process: System Address: 0x86477218 Size: -

Object: Hidden Code [Driver: Msfs؅ఐ卆浩, IRP_MJ_READ]
Process: System Address: 0x861cf890 Size: -

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x86214250 Size: -

Object: Hidden Code [Driver: CdfsЅ捃䙐Ё఩畁䱤曘Ę, IRP_MJ_READ]
Process: System Address: 0x86d87270 Size: -



Oh... the new link you posted (the one with Dr.Web) doesn't have any more success either. I double-clicked it, a window opens and immediately closes the web page... I have the same problem with ATF Cleaner when I try to run it, and with other .exe programs...
Another thing: today I connected a video camera to the PC, and when I tried to do a Safe Remove, I couldn't, because the message said this is not possible at the moment. When this kind of message appears (on Safely Remove Hardware), it means there are some viruses around, isn't it?!
  • 0
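A hook listing like the one above is easier to reason about once it is grouped by driver: every Cdrom and d347prt major function above resolves to one address, which means a single module replaced that driver's whole dispatch table. The parser below is an added example, not part of the thread or of RootRepeal; its sample log is a constructed excerpt in the same two-line format, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Two-line record format of a RootRepeal "Hidden Code" entry (Object line, Process line).
_OBJ_RE = re.compile(r"^Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_[A-Z_]+)\]$")
_PROC_RE = re.compile(r"^Process: (?P<proc>\S+) Address: (?P<addr>0x[0-9a-fA-F]+) Size: \S+$")

# Constructed excerpt in the posted log's format (not the full log from the thread).
SAMPLE_LOG = """\
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86aa9a10 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86aa9a10 Size: -
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86aa9a10 Size: -
Object: Hidden Code [Driver: NpfsЅఐ卆浩, IRP_MJ_READ]
Process: System Address: 0x86477218 Size: -
"""

def parse_hidden_code(text):
    """Return one dict per record: driver, irp, process, address (int). Blank lines are skipped."""
    hooks, pending = [], None
    for line in text.splitlines():
        m = _OBJ_RE.match(line.strip())
        if m:
            # The tool prints whatever follows the name in kernel memory, so keep
            # only the printable-ASCII prefix of the driver name ("NpfsЅ..." -> "Npfs").
            driver = re.match(r"[\x20-\x7e]*", m.group("driver")).group(0).strip()
            pending = {"driver": driver, "irp": m.group("irp")}
            continue
        m = _PROC_RE.match(line.strip())
        if m and pending is not None:
            pending.update(process=m.group("proc"), address=int(m.group("addr"), 16))
            hooks.append(pending)
            pending = None
    return hooks

def summarize(hooks):
    """Per driver: the set of hook target addresses and the set of hooked IRP majors."""
    by_driver = defaultdict(lambda: {"addresses": set(), "irps": set()})
    for h in hooks:
        by_driver[h["driver"]]["addresses"].add(h["address"])
        by_driver[h["driver"]]["irps"].add(h["irp"])
    return dict(by_driver)

def whole_table_redirected(summary, min_irps=20):
    """Drivers whose every listed major function resolves to one address: one module
    replaced the whole dispatch table, so identify that module before judging it."""
    return sorted(d for d, s in summary.items()
                  if len(s["addresses"]) == 1 and len(s["irps"]) >= min_irps)
```

The flagged pattern alone does not prove malice: virtual-drive software installs hooks of the same shape, so the address has to be mapped back to the module that owns it.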

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
RootRepeal has seen the file, so it should be able to kill it.

Start RootRepeal and scan.
Select the Drivers tab.

Locate all instances of gnhhmu.sys.
Right-click each one and select Force Delete.

Then move to all other tabs one at a time and force delete any reference to
a) gnhhmu.sys
b) C:\WINDOWS\system32\drivers\gnhhmu.sys

Note: if you are unable to Force Delete the file, then select Wipe File instead.
  • 0

#29
Gasol

Gasol

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
It's incredible! I found only one gnhhmu.sys file (in the location you told me), but I wasn't able to kill it! Force Delete (first) and then Wipe File... it faded away...
I attach the errors. This little piece of garbage pissed me off... But I hope we will win!

Attached Thumbnails

  • error___1.JPG
  • error___2.JPG

  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry for the delay but I have to share the computer with my better half.

OK, the top-down approach does not work, so let's try from the bottom up.

You will need to either print or copy this post to paper, as you will be working from the Recovery Console.

First we will need to repair your safe boot; to that end, download the attached zip file and extract the registry file to your desktop. Right-click the file and select Merge.


Then reboot your computer and as soon as it starts keep pressing F8 until you get to the menu.

Select recovery console

After you start the Windows Recovery Console, you receive the following message:

Microsoft Windows® Recovery Console

The Recovery Console provides system repair and recovery functionality.
Type EXIT to exit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log on to ?
(To cancel, press ENTER)
Enter the number for the appropriate Windows installation. In this example, you would press 1. Then, Windows prompts you to enter the Administrator account password. If you have no password, then just press Enter.


Then, at the command prompt C:>, type the following exactly, including spaces and quotation marks, pressing Return after each line:

attrib -s -r -h "C:\WINDOWS\SYSTEM32\gnhhmu.sys"
del /q "C:\WINDOWS\SYSTEM32\gnhhmu.sys"
exit

When you have rebooted, try to access the Dr.Web download.
  • 0
