nsmss.exe [RESOLVED]


#16
MargiRose

    Member

  • Topic Starter
  • 52 posts
I'm watching the Pat's game............you? :)

OTMoveIt results:

C:\WINDOWS\system32\wkssvc.exe moved successfully.
C:\WINDOWS\system32\dst.exe moved successfully.
File/Folder C:\WINDOWS\system32\dst.exe not found.
C:\WINDOWS\system32\nphvauvhc.exe moved successfully.
C:\WINDOWS\system32\z.exe moved successfully.
C:\WINDOWS\Security\msiexec.exe moved successfully.

Created on 10/01/2007 22:23:45

Deckard's System Scanner v20070905.67
Run by HP_Owner on 2007-10-01 22:24:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:02 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Security\msiexec.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\yfofrzrfjcn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egakuvqj] C:\WINDOWS\system32\egakuvqj.exe
O4 - HKLM\..\Run: [yfofrzrfjcn] C:\WINDOWS\system32\yfofrzrfjcn.exe
O4 - HKLM\..\RunServices: [yadogsuiwzq] C:\WINDOWS\system32\yadogsuiwzq.exe
O4 - HKLM\..\RunServices: [egakuvqj] C:\WINDOWS\system32\egakuvqj.exe
O4 - HKLM\..\RunServices: [yfofrzrfjcn] C:\WINDOWS\system32\yfofrzrfjcn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...125/mcfscan.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Print Spooler Service (cupui4yynpaareir) - Unknown owner - C:\WINDOWS\system32\e.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\system32\nsmss.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WINDOWS MSI Installer Application (WIN_MSIEXEC) - Unknown owner - C:\WINDOWS\Security\msiexec.exe (file missing)

--
End of file - 11150 bytes

-- Files created between 2007-09-01 and 2007-10-01 -----------------------------

2007-10-01 22:06:00 104448 --a------ C:\WINDOWS\system32\e.exe
2007-10-01 17:58:40 104448 --a------ C:\WINDOWS\system32\qgz.exe
2007-10-01 16:08:48 104448 --a------ C:\WINDOWS\system32\yfofrzrfjcn.exe
2007-10-01 15:09:55 104448 --a------ C:\WINDOWS\system32\egakuvqj.exe
2007-10-01 14:33:14 104448 --a------ C:\WINDOWS\system32\czx.exe
2007-10-01 11:11:32 104448 --a------ C:\WINDOWS\system32\opamqikyp.exe
2007-10-01 09:35:05 104448 --a------ C:\WINDOWS\system32\lgkqedwqrff.exe
2007-10-01 08:55:18 104448 --a------ C:\WINDOWS\system32\cuqp.exe
2007-10-01 08:35:00 104448 --a------ C:\WINDOWS\system32\dameklstfmgg.exe
2007-10-01 06:47:15 104448 --a------ C:\WINDOWS\system32\rydtx.exe
2007-09-30 20:55:04 104448 --a------ C:\WINDOWS\system32\yadogsuiwzq.exe
2007-09-30 17:51:19 104448 --a------ C:\WINDOWS\system32\rhprkumkzunt.exe
2007-09-30 15:24:55 154 --a------ C:\WINDOWS\FixServices.bat <FIXSER~1.BAT>
2007-09-29 20:36:20 0 d-------- C:\Program Files\Trend Micro
2007-09-27 06:12:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-27 06:06:56 0 d-------- C:\WINDOWS\ERUNT
2007-09-24 16:16:38 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-23 15:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-09-21 18:08:26 0 d-------- C:\WINDOWS\McAfee.com
2007-09-17 07:37:38 0 d--h----- C:\system32


-- Find3M Report ---------------------------------------------------------------

2007-09-27 18:56:36 22122 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-09-24 15:53:37 0 d-------- C:\Program Files\Common Files
2007-09-22 19:41:46 0 d--h----- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-09-14 08:07:59 0 d-------- C:\Program Files\McAfee
2007-08-23 20:08:22 0 d-------- C:\Program Files\Windows Live Safety Center
2007-08-14 20:45:09 0 d-------- C:\Program Files\MSXML 4.0
2007-08-11 20:37:43 0 d-------- C:\Program Files\Windows Defender
2007-08-11 09:56:04 0 d-------- C:\Program Files\Lavasoft
2007-08-11 09:54:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-06 15:43:24 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\McAfee


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [03/05/2005 12:29 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 08:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 04:59 AM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 06:06 AM C:\WINDOWS\AGRSMMSG.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 08:02 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/05/2005 12:50 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 09:43 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 10:17 AM]
"SoundMan"="SOUNDMAN.EXE" [10/13/2004 10:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [10/13/2004 12:17 PM C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 10:54 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/09/2005 03:32 PM]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/07/2005 10:26 AM]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/07/2005 10:33 AM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 05:22 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"egakuvqj"="C:\WINDOWS\system32\egakuvqj.exe" [10/01/2007 03:09 PM]
"yfofrzrfjcn"="C:\WINDOWS\system32\yfofrzrfjcn.exe" [10/01/2007 04:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/11/2007 06:03 PM]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"yadogsuiwzq"=C:\WINDOWS\system32\yadogsuiwzq.exe
"egakuvqj"=C:\WINDOWS\system32\egakuvqj.exe
"yfofrzrfjcn"=C:\WINDOWS\system32\yfofrzrfjcn.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [6/23/2004 1:23:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 11:28:24 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/11/2007 6:03:04 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [1/25/2007 2:44:25 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-10-01 22:25:29 ------------

Edited by MargiRose, 01 October 2007 - 08:27 PM.

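The "Files created" list in the DSS log above shows the pattern behind this infection: twelve executables of exactly 104448 bytes dropped into system32 under random names in roughly a day, plus a hidden C:\system32 decoy folder at the drive root. This added example (not part of Deckard's System Scanner or of the thread) parses a constructed sample of five of those lines and flags both signals; the min_files and max_span_hours thresholds are assumptions.

```python
"""Spot a dropper that re-creates itself under random names in the DSS
'Files created' section: every rogue executable has the same byte size and
lands in the same folder within hours.  Added example for this thread; it is
not part of Deckard's System Scanner."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the DSS 'Files created' section above.
SAMPLE_DSS = r"""
2007-10-01 22:06:00 104448 --a------ C:\WINDOWS\system32\e.exe
2007-10-01 17:58:40 104448 --a------ C:\WINDOWS\system32\qgz.exe
2007-10-01 16:08:48 104448 --a------ C:\WINDOWS\system32\yfofrzrfjcn.exe
2007-10-01 15:09:55 104448 --a------ C:\WINDOWS\system32\egakuvqj.exe
2007-09-30 20:55:04 104448 --a------ C:\WINDOWS\system32\yadogsuiwzq.exe
2007-09-30 15:24:55 154 --a------ C:\WINDOWS\FixServices.bat <FIXSER~1.BAT>
2007-09-29 20:36:20 0 d-------- C:\Program Files\Trend Micro
2007-09-27 06:12:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-17 07:37:38 0 d--h----- C:\system32
"""

# timestamp, size, attribute flags (d=directory, h=hidden, a=archive), path,
# optional 8.3 short name in angle brackets.
DSS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+?)(?: <[^>]+>)?$"
)
# Folder names that only belong directly under %SystemRoot%.
SYSTEM_FOLDERS = {"system32", "system", "security"}


def parse_dss(text):
    """Yield one dict per 'Files created' line (directories included)."""
    for line in text.splitlines():
        m = DSS_RE.match(line.strip())
        if m:
            yield {
                "when": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "size": int(m["size"]),
                "is_dir": m["attrs"][0] == "d",
                "hidden": "h" in m["attrs"],
                "path": m["path"],
            }


def executable_clusters(entries, min_files=3, max_span_hours=48):
    """Group .exe files by (folder, byte size).  Several distinct names of
    identical size in one folder, created within max_span_hours, is the
    signature of one dropper re-copying itself under fresh random names.
    The thresholds are assumptions chosen for this example."""
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or not e["path"].lower().endswith(".exe"):
            continue
        folder = e["path"].rsplit("\\", 1)[0].lower()
        groups[(folder, e["size"])].append(e)
    clusters = []
    for (folder, size), members in groups.items():
        times = sorted(m["when"] for m in members)
        span_h = (times[-1] - times[0]).total_seconds() / 3600
        if len(members) >= min_files and span_h <= max_span_hours:
            clusters.append({
                "folder": folder, "size": size, "span_hours": round(span_h, 2),
                "names": sorted(m["path"].rsplit("\\", 1)[1] for m in members),
            })
    return clusters


def decoy_system_folders(entries):
    """Directories that borrow a system folder name but sit at the drive root
    (C:\\system32 instead of C:\\WINDOWS\\system32); the one in this thread is
    also hidden, which parse_dss records in the 'hidden' flag."""
    hits = []
    for e in entries:
        parts = e["path"].split("\\")
        if e["is_dir"] and len(parts) == 2 and parts[1].lower() in SYSTEM_FOLDERS:
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    found = list(parse_dss(SAMPLE_DSS))
    for c in executable_clusters(found):
        print(f"{len(c['names'])} x {c['size']} bytes in {c['folder']} "
              f"within {c['span_hours']} h: {', '.join(c['names'])}")
    print("decoy folders:", decoy_system_folders(found))
```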


#17
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

I'm watching the Pat's game............you?

I was :)

Ok this is being a bit of a PITA

Please disable Windows Defender again.


Next
Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

REM Stop and delete the three rogue services. sc.exe takes the service key
REM name (the name in parentheses on the HijackThis O23 lines), not the
REM display name, so "sc stop Print Spooler Service" would not find anything.
sc stop cupui4yynpaareir
sc stop nsmss
sc stop WIN_MSIEXEC
sc delete cupui4yynpaareir
sc delete nsmss
sc delete WIN_MSIEXEC
exit

Double click FixServices.bat. A window will open and close. This is normal.




Next
Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":

O4 - HKLM\..\Run: [egakuvqj] C:\WINDOWS\system32\egakuvqj.exe
O4 - HKLM\..\Run: [yfofrzrfjcn] C:\WINDOWS\system32\yfofrzrfjcn.exe
O4 - HKLM\..\RunServices: [yadogsuiwzq] C:\WINDOWS\system32\yadogsuiwzq.exe
O4 - HKLM\..\RunServices: [egakuvqj] C:\WINDOWS\system32\egakuvqj.exe
O4 - HKLM\..\RunServices: [yfofrzrfjcn] C:\WINDOWS\system32\yfofrzrfjcn.exe
O23 - Service: Print Spooler Service (cupui4yynpaareir) - Unknown owner - C:\WINDOWS\system32\e.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\system32\nsmss.exe (file missing)
O23 - Service: WINDOWS MSI Installer Application (WIN_MSIEXEC) - Unknown owner - C:\WINDOWS\Security\msiexec.exe (file missing)

Close out HJT


Next
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\egakuvqj.exe
    C:\WINDOWS\system32\yfofrzrfjcn.exe
    C:\WINDOWS\system32\yadogsuiwzq.exe
    C:\WINDOWS\system32\egakuvqj.exe
    C:\WINDOWS\system32\yfofrzrfjcn.exe
    C:\WINDOWS\system32\e.exe
    C:\WINDOWS\system32\qgz.exe
    C:\WINDOWS\system32\czx.exe
    C:\WINDOWS\system32\opamqikyp.exe
    C:\WINDOWS\system32\lgkqedwqrff.exe
    C:\WINDOWS\system32\cuqp.exe
    C:\WINDOWS\system32\dameklstfmgg.exe
    C:\WINDOWS\system32\rydtx.exe
    C:\WINDOWS\system32\rhprkumkzunt.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.


Post back a fresh DSS log for me please
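The three O23 lines don77 singles out share traits a triage script can check mechanically: no vendor recorded, a missing image, a decoy C:\system32 folder, a core binary name used out of place (nsmss.exe next to smss.exe, msiexec.exe outside system32) and a display name borrowed from a real Windows service. This added example (not code from HijackThis, OTMoveIt or the thread) scores O23 lines copied from the log above and then emits the sc commands for the flagged services using their key names, which is the detail FixServices.bat got wrong; the "two flags" threshold and the 0.85 similarity cutoff are assumptions.

```python
"""Triage the O23 (service) lines of a HijackThis log and emit sc.exe commands
that remove the rogue services by their key names.  Added example for this
thread; it is not part of HijackThis, OTMoveIt or DSS."""
import difflib
import ntpath
import re

# Constructed sample: O23 lines copied from the HijackThis log posted above.
SAMPLE_O23 = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Print Spooler Service (cupui4yynpaareir) - Unknown owner - C:\WINDOWS\system32\e.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\system32\nsmss.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WINDOWS MSI Installer Application (WIN_MSIEXEC) - Unknown owner - C:\WINDOWS\Security\msiexec.exe (file missing)
"""

# HJT prints "Display name (key name)"; when both are identical it prints the
# name once, so the parenthesised key is optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

SYSTEM32 = r"c:\windows\system32"
# Core NT binaries that should only ever run from system32.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "msiexec.exe"}
# Genuine Windows XP services whose display names the rogue entries borrow:
# keyword in the display name -> (real key name, real image name).
IMPERSONATED = {
    "spooler": ("Spooler", "spoolsv.exe"),
    "msi installer": ("MSIServer", "msiexec.exe"),
    "windows installer": ("MSIServer", "msiexec.exe"),
}


def triage_service(line):
    """Parse one O23 line; return (fields, reasons) or None if not an O23 line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["missing"] = rec["missing"] is not None
    folder = ntpath.dirname(rec["path"]).lower()
    base = ntpath.basename(rec["path"]).lower()
    reasons = []
    if rec["owner"].lower() == "unknown owner":
        reasons.append("no vendor recorded in the image's version info")
    if rec["missing"]:
        reasons.append("image file is missing (dropper was moved or renamed)")
    if folder.endswith("system32") and folder != SYSTEM32:
        reasons.append(f"look-alike system folder {folder}")
    if base in CORE_BINARIES and folder != SYSTEM32:
        reasons.append(f"{base} running outside {SYSTEM32}")
    elif base not in CORE_BINARIES and difflib.get_close_matches(
            base, CORE_BINARIES, n=1, cutoff=0.85):  # cutoff is an assumption
        reasons.append(f"{base} is a near-miss of a core Windows binary name")
    for keyword, (real_key, real_image) in IMPERSONATED.items():
        if keyword in rec["display"].lower() and rec["key"] != real_key:
            reasons.append(f"display name imitates {real_key} ({real_image}) "
                           f"but the key name is {rec['key']}")
    return rec, reasons


def triage_log(text):
    """Return [(fields, reasons)] for every service with two or more red flags.
    One flag alone (e.g. 'Unknown owner' on LightScribe) is not enough."""
    findings = []
    for line in text.splitlines():
        parsed = triage_service(line)
        if parsed and len(parsed[1]) >= 2:
            findings.append(parsed)
    return findings


def removal_commands(findings):
    """Batch lines that stop and delete each flagged service.  sc.exe takes the
    service KEY name, never the display name, which is why a line such as
    'sc stop Print Spooler Service' does nothing useful."""
    cmds = []
    for rec, _ in findings:
        key = rec["key"] or rec["display"]
        cmds.append(f'sc stop "{key}"')
        cmds.append(f'sc delete "{key}"')
    return cmds


if __name__ == "__main__":
    hits = triage_log(SAMPLE_O23)
    for rec, reasons in hits:
        print(f"{rec['key'] or rec['display']}: " + "; ".join(reasons))
    print("\n".join(removal_commands(hits)))
```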

#18
MargiRose

    Member

  • Topic Starter
  • 52 posts
1. What's a PITA? Is more crap getting installed even while we've been cleaning it up??

2. I hope I didn't screw this one up, but I forgot to disable Windows Defender at first. I did the HJT fix part first, then remembered to disable Defender, then did OTMoveIt.

Anywho's....thanks. Here are the logs:

C:\WINDOWS\system32\egakuvqj.exe moved successfully.
C:\WINDOWS\system32\yfofrzrfjcn.exe moved successfully.
C:\WINDOWS\system32\yadogsuiwzq.exe moved successfully.
File/Folder C:\WINDOWS\system32\egakuvqj.exe not found.
File/Folder C:\WINDOWS\system32\yfofrzrfjcn.exe not found.
C:\WINDOWS\system32\e.exe moved successfully.
C:\WINDOWS\system32\qgz.exe moved successfully.
C:\WINDOWS\system32\czx.exe moved successfully.
C:\WINDOWS\system32\opamqikyp.exe moved successfully.
C:\WINDOWS\system32\lgkqedwqrff.exe moved successfully.
C:\WINDOWS\system32\cuqp.exe moved successfully.
C:\WINDOWS\system32\dameklstfmgg.exe moved successfully.
C:\WINDOWS\system32\rydtx.exe moved successfully.
C:\WINDOWS\system32\rhprkumkzunt.exe moved successfully.

Created on 10/02/2007 20:48:33


Deckard's System Scanner v20070905.67
Run by HP_Owner on 2007-10-02 20:50:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:15 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Logitech\Video\VideoEffectsWatcher.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...125/mcfscan.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Print Spooler Service (cupui4yynpaareir) - Unknown owner - C:\WINDOWS\system32\yfofrzrfjcn.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\system32\nsmss.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WINDOWS MSI Installer Application (WIN_MSIEXEC) - Unknown owner - C:\WINDOWS\Security\msiexec.exe (file missing)

--
End of file - 10938 bytes

-- Files created between 2007-09-02 and 2007-10-02 -----------------------------

2007-09-30 15:24:55 154 --a------ C:\WINDOWS\FixServices.bat <FIXSER~1.BAT>
2007-09-29 20:36:20 0 d-------- C:\Program Files\Trend Micro
2007-09-27 06:12:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-27 06:06:56 0 d-------- C:\WINDOWS\ERUNT
2007-09-24 16:16:38 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-23 15:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-09-21 18:08:26 0 d-------- C:\WINDOWS\McAfee.com
2007-09-17 07:37:38 0 d--h----- C:\system32


-- Find3M Report ---------------------------------------------------------------

2007-10-02 20:41:40 22288 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-09-24 15:53:37 0 d-------- C:\Program Files\Common Files
2007-09-22 19:41:46 0 d--h----- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-09-14 08:07:59 0 d-------- C:\Program Files\McAfee
2007-08-23 20:08:22 0 d-------- C:\Program Files\Windows Live Safety Center
2007-08-14 20:45:09 0 d-------- C:\Program Files\MSXML 4.0
2007-08-11 20:37:43 0 d-------- C:\Program Files\Windows Defender
2007-08-11 09:56:04 0 d-------- C:\Program Files\Lavasoft
2007-08-11 09:54:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-06 15:43:24 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\McAfee


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [03/05/2005 12:29 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 08:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 04:59 AM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 06:06 AM C:\WINDOWS\AGRSMMSG.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 08:02 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/05/2005 12:50 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 09:43 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 10:17 AM]
"SoundMan"="SOUNDMAN.EXE" [10/13/2004 10:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [10/13/2004 12:17 PM C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 10:54 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [12/09/2005 03:32 PM]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [12/07/2005 10:26 AM]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [12/07/2005 10:33 AM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 05:22 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/11/2007 06:03 PM]
"Aim6"="" []

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [6/23/2004 1:23:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 11:28:24 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/11/2007 6:03:04 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [1/25/2007 2:44:25 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-10-02 20:50:43 ------------

Edited by MargiRose, 02 October 2007 - 06:55 PM.


#19 don77 (Malware Expert, Retired Staff, 18,526 posts)
Better :)

Want to see something here

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#20 MargiRose (Member, Topic Starter, 52 posts)

Better :)


Better is good. :)

(never mind on my 'what's a PITA' question.....I Urban Dictionary'd it and I'm guessing it's not a flatbread of Mediterranean origin.) :wave: Hehe

Also.....I had to stop the scan. It said 99% done for about 20 minutes and I couldn't wait any longer. Let me know if I need to re-run it fully.

EDIT: I'm going to run the scan fully, first thing tomorrow and I'll post the results then. :)

Edited by MargiRose, 04 October 2007 - 11:54 AM.


#21 don77 (Malware Expert, Retired Staff, 18,526 posts)

(never mind on my 'what's a PITA' question.....I Urban Dictionary'd it and I'm guessing it's not a flatbread of Mediterranean origin.) Hehe


:)

Yes I need to see the log from the scan please

#22 MargiRose (Member, Topic Starter, 52 posts)
Voila! :)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 7:31:22 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 427610
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 92885
Number of viruses found: 6
Number of infected objects: 108
Number of suspicious objects: 0
Duration of the scan process: 01:49:40

Infected Object Name / Virus Name / Last Action
C:\aolconfig.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\bootloader.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\bootloaderX.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Deckard\System Scanner\20070929203551\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\images_009.zip/image009.JPG-www.imgshack.com Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\Deckard\System Scanner\20070929203551\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\images_009.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-08112007-203757.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip/lsdsrngo.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip/dwdsrngt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\LightScribe\log\log2188.txt Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E391851B-4AD2-4E30-8BFD-64E0C509666B} Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007100520071006\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\L0000018.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\storydb.idx Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jrldbynu.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ripiyrxc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rjgbnxll.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\SDFix\backups\backups.zip/backups/aol-updates.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip/backups/aol.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip/backups/aolsoftware.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip/backups/r.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP321\A0080445.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080452.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080462.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080485.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080496.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080506.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP323\A0080531.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP323\A0080540.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080562.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080584.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080611.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080650.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080663.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080687.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080698.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP326\A0080780.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP327\A0080936.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP327\A0080954.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP328\A0080986.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP329\A0080999.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP329\A0081013.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP329\A0081029.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP330\A0081043.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP331\A0081094.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP332\A0081106.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP332\A0081132.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081271.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081298.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081381.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081532.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP336\A0081934.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP336\A0081954.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP337\A0081983.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP337\A0081994.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP338\A0082093.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP338\A0082106.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP338\A0082119.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP340\A0082165.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP340\A0082177.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP340\A0082195.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP343\A0082216.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP344\A0082234.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP344\A0082243.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP344\A0082253.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP360\A0084494.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP361\A0084510.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP366\A0084710.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP374\A0085092.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP374\A0085100.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP375\A0085126.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP375\A0085159.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP381\A0085517.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP382\A0085647.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085752.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085753.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085754.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085755.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085759.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085760.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085761.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085762.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP386\A0085834.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP386\A0085835.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP386\A0085836.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP389\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{430AA271-0B25-45E3-9B9E-1B2B0C7B790B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bm.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\dhxhbrl.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mgj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\mtccqpmryia.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ny.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\obezhbzmzqrj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\qjvfywfykni.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\rjrto.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\rn.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\rssgtnizvul.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\uimzaux.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\uuwpkwckn.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xulydhe.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\yqryswaea.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\yznygrb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\Temp\mcmsc_fVgBJwCJ9kxVdwB Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\aolupdates.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\aolx.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\updates9453.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\bootini.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\Security\msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\akkbgonzvm.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\kstvs.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\nwjenftpncfq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rl.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssidd.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wkssvc.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\zxcugzp.exe Infected: Trojan.Win32.Obfuscated.gy skipped
D:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP389\change.log Object is locked skipped

Scan process completed.

#23 don77 (Malware Expert, Retired Staff, 18,526 posts)
Lot of garbage left on the machine
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\yznygrb.exe
    C:\WINDOWS\system32\yqryswaea.exe
    C:\WINDOWS\system32\xulydhe.exe
    C:\WINDOWS\system32\mgj.exe
    C:\WINDOWS\system32\mtccqpmryia.exe
    C:\WINDOWS\system32\qjvfywfykni.exe
    C:\WINDOWS\system32\rjrto.exe
    C:\WINDOWS\system32\rn.exe
    C:\WINDOWS\system32\rssgtnizvul.exe
    C:\WINDOWS\system32\uimzaux.exe
    C:\WINDOWS\system32\uuwpkwckn.exe
    C:\WINDOWS\system32\dhxhbrl.exe
    C:\WINDOWS\system32\bm.exe
    C:\bootloaderX.exe
    C:\bootloader.exe
    C:\aolconfig.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

Rescan with Kaspersky and post back the log from it please
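Most of the 108 "infected objects" in the Kaspersky report above are already harmless: hits under qoobox (ComboFix's quarantine), SDFix\backups, _OTMoveIt\MovedFiles, the Deckard backup folder and Spybot's Recovery folder are remnants of earlier cleanup steps, and the ones inside System Volume Information are restore-point copies that go away when System Restore is purged at the end. What still matters is the set of live files, which is what the OTMoveIt list above targets. As an added example, not part of the thread or of either tool, the script below sorts the report's detection lines into live, quarantine and restore-point hits and diffs the live set against a list of paths already moved. SAMPLE_REPORT is a subset of lines copied from the report, MOVED is the list from the reply above, and the folder markers are this example's own rules.

```python
"""Triage a Kaspersky Online Scanner report: separate live detections from hits
sitting in quarantine folders, tool backups and System Restore points, then diff
the live set against the paths already handed to OTMoveIt.

Added example for this thread, not part of the scanner or of the forum tools.
SAMPLE_REPORT is a subset of lines copied from the report above and MOVED is the
list from the OTMoveIt reply; the folder markers are this example's own rules.
"""
import re
from collections import Counter

DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<family>\S+) skipped$")

# Hits under these folders (matched case-insensitively) are leftovers of earlier
# cleanup steps, not active files: ComboFix's qoobox, SDFix and Deckard backups,
# OTMoveIt's moved files and Spybot's recovery archives.
QUARANTINE_MARKERS = (
    r"\qoobox\quarantine",
    r"\sdfix\backups",
    r"\_otmoveit\movedfiles",
    r"\deckard\system scanner",
    r"\spybot - search & destroy\recovery",
)
RESTORE_MARKER = r"\system volume information\_restore"


def categorize(path: str) -> str:
    low = path.lower()
    if RESTORE_MARKER in low:
        return "restore-point"  # removed when System Restore is purged at the end
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantine"     # already disarmed by an earlier tool
    return "live"


def parse_report(text: str) -> list:
    """(path, family, category) for each 'Infected:' line. 'Object is locked' and
    'ZIP: infected - N' lines are not detections and are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["family"], categorize(m["path"])))
    return hits


def live_paths(hits) -> list:
    return sorted(path for path, _, cat in hits if cat == "live")


def family_counts(hits) -> Counter:
    return Counter(family for _, family, _ in hits)


def still_present(hits, moved) -> list:
    """Live detections not covered by an already-moved path (case-insensitive)."""
    done = {p.lower() for p in moved}
    return [p for p in live_paths(hits) if p.lower() not in done]


SAMPLE_REPORT = r"""
C:\aolconfig.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Deckard\System Scanner\20070929203551\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\images_009.zip/image009.JPG-www.imgshack.com Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\Deckard\System Scanner\20070929203551\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\images_009.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip/lsdsrngo.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jrldbynu.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\SDFix\backups\backups.zip/backups/aol.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP374\A0085100.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\bm.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ny.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\obezhbzmzqrj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\Security\msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
Scan process completed.
"""

# The sixteen paths from the OTMoveIt instructions in the reply above.
MOVED = ["C:\\WINDOWS\\system32\\" + n + ".exe" for n in
         "yznygrb yqryswaea xulydhe mgj mtccqpmryia qjvfywfykni rjrto rn "
         "rssgtnizvul uimzaux uuwpkwckn dhxhbrl bm".split()]
MOVED += [r"C:\bootloaderX.exe", r"C:\bootloader.exe", r"C:\aolconfig.exe"]

if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    for cat in ("live", "quarantine", "restore-point"):
        print(f"{cat}: {sum(1 for _, _, c in hits if c == cat)}")
    print("families:", dict(family_counts(hits)))
    print("live and not yet moved:", still_present(hits, MOVED))
```

On the subset above it finds four live files, and two of them, C:\WINDOWS\system32\ny.exe and C:\WINDOWS\system32\obezhbzmzqrj.exe, are not on the moved list; run over the full report in #22 the same rules find eighteen live files against the sixteen listed, which is the kind of slip a generated list avoids. The "Object is locked" lines are open registry hives, event logs and index.dat files the scanner could not read, not detections, and are ignored. Backdoor.Win32.IRCBot.ahm and Backdoor.Win32.SdBot.aad in the family counts are remote-control bots, which is the basis for the later advice about changing passwords used on this machine.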

#24 MargiRose (Member, Topic Starter, 52 posts)
Here are the OTMoveIt results. I'll start the scan now and post that log when it's done.

C:\WINDOWS\system32\yznygrb.exe moved successfully.
C:\WINDOWS\system32\yqryswaea.exe moved successfully.
C:\WINDOWS\system32\xulydhe.exe moved successfully.
C:\WINDOWS\system32\mgj.exe moved successfully.
C:\WINDOWS\system32\mtccqpmryia.exe moved successfully.
C:\WINDOWS\system32\qjvfywfykni.exe moved successfully.
C:\WINDOWS\system32\rjrto.exe moved successfully.
C:\WINDOWS\system32\rn.exe moved successfully.
C:\WINDOWS\system32\rssgtnizvul.exe moved successfully.
C:\WINDOWS\system32\uimzaux.exe moved successfully.
C:\WINDOWS\system32\uuwpkwckn.exe moved successfully.
C:\WINDOWS\system32\dhxhbrl.exe moved successfully.
C:\WINDOWS\system32\bm.exe moved successfully.
C:\bootloaderX.exe moved successfully.
C:\bootloader.exe moved successfully.
C:\aolconfig.exe moved successfully.

Created on 10/06/2007 10:16:58

#25 don77 (Malware Expert, Retired Staff, 18,526 posts)
I need to ask you what you use this computer for; the infections on it were pretty bad and compromised the machine.


#26
MargiRose (Member, Topic Starter, 52 posts)
Just regular stuff Donzo. Email, IM, browsing, etc. What do you mean specifically? If this helps....the problems started happening over the summer when my kids were home from school and on the computer more. Right around that time, I finally let my 12-year-old use AIM and start a MySpace, and he'd be on a lot of sites to find layouts, backgrounds, graphics and stuff like that. I noticed some 'questionable' sites in the history a few times, and confronted him about it. He said that he'd be on MySpace or a layout site, and get one of those stupid "find your secret love crush" pop-ups or something similar, where they'll prompt you to click a 'yes' or 'no' box, and not knowing any better...he'd click the "no" button, which would open a new browser. I've since explained to him that you don't click either yes or no...you X out of it, or end the task with the control panel.

I was pretty sure at the time, from the way the history looked, that he wasn't actually going into any of the questionable sites, but rather that they were just one-time pop ups. But now I'm wondering if I was wrong. Can you tell me a little more about the infections and what has compromised our machine? A PM is fine if you don't want it here. Thanks.

#27
don77 (Malware Expert, Retired Staff, 18,526 posts)
It's fine here, actually.
You had some backdoor trojans on the machine that could compromise the system, meaning if you do any online banking or such on the machine you will want to take some precautions.

I was pretty sure at the time, from the way the history looked, that he wasn't actually going into any of the questionable sites, but rather that they were just one-time pop ups. But now I'm wondering if I was wrong.

I believe you're right :)

#28
MargiRose (Member, Topic Starter, 52 posts)

You had some backdoor trojans on the machine that could compromise the system, meaning if you do any online banking or such on the machine you will want to take some precautions

Crap, I forgot about online banking. :) I do that, as well as several bill-pays online....mostly on my work computer, but occasionally from home.

I believe you're right :wave:

Whew *wipes brow* Good. :)

The Kaspersky scan looks like it's just finishing up the C drive, so it should be done shortly. So far, 5 viruses, 78 infected objects. :)

Edited by MargiRose, 06 October 2007 - 09:39 AM.


#29
MargiRose (Member, Topic Starter, 52 posts)
Done!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 06, 2007 12:17:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 6/10/2007
Kaspersky Anti-Virus database records: 428263
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 93626
Number of viruses found: 6
Number of infected objects: 108
Number of suspicious objects: 0
Duration of the scan process: 01:49:12

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20070929203551\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\images_009.zip/image009.JPG-www.imgshack.com Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\Deckard\System Scanner\20070929203551\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\images_009.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-08112007-203757.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip/lsdsrngo.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip/dwdsrngt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\LightScribe\log\log2092.txt Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DA3C8F11-03EE-43BE-AD18-1561621EA6F9} Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007100620071007\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFAB9A.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFABA8.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\L0000018.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\HP_Owner\Data\storydb.idx Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jrldbynu.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ripiyrxc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rjgbnxll.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\SDFix\backups\backups.zip/backups/aol-updates.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip/backups/aol.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip/backups/aolsoftware.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip/backups/r.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP321\A0080445.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080452.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080462.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080485.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080496.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP322\A0080506.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP323\A0080531.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP323\A0080540.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080562.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080584.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080611.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080650.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080663.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080687.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP324\A0080698.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP326\A0080780.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP327\A0080936.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP327\A0080954.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP328\A0080986.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP329\A0080999.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP329\A0081013.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP329\A0081029.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP330\A0081043.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP331\A0081094.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP332\A0081106.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP332\A0081132.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081271.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081298.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081381.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP333\A0081532.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP336\A0081934.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP336\A0081954.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP337\A0081983.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP337\A0081994.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP338\A0082093.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP338\A0082106.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP338\A0082119.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP340\A0082165.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP340\A0082177.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP340\A0082195.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP343\A0082216.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP344\A0082234.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP344\A0082243.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP344\A0082253.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP360\A0084494.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP361\A0084510.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP366\A0084710.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP374\A0085092.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP374\A0085100.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP375\A0085126.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP375\A0085159.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP381\A0085517.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP382\A0085647.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085752.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085753.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085754.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085755.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085759.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085760.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085761.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP384\A0085762.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP386\A0085834.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP386\A0085835.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP386\A0085836.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP389\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9EC35954-52D3-455B-8062-C22364B77C44}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ny.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\obezhbzmzqrj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_3dgmcSbr8gBmkuq Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Al0N4dumWhbhn1F Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\aolconfig.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\aolupdates.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\aolx.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\bootloader.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\bootloaderX.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\updates9453.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\bootini.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\Security\msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\akkbgonzvm.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\bm.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\dhxhbrl.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\kstvs.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\mgj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\mtccqpmryia.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\nwjenftpncfq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\qjvfywfykni.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rjrto.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rl.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rn.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rssgtnizvul.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssidd.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\uimzaux.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\uuwpkwckn.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wkssvc.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xulydhe.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yqryswaea.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yznygrb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\zxcugzp.exe Infected: Trojan.Win32.Obfuscated.gy skipped

Scan process completed.

#30
don77 (Malware Expert, Retired Staff, 18,526 posts)

Crap, I forgot about online banking. I do that, as well as several bill-pays online....mostly on my work computer, but occasionally from home


You should double-check your accounts then, to be safe; below are some suggestions to follow.

Important information: You have signs of a backdoor trojan and/or rootkit on your system (more info). These have the potential to harvest confidential data, and require special attention. Although rare, identity theft, or other fraudulent financial activity is a possibility. We generally have good success removing all signs of these infections. However, if you have adequate backups, required media (CDs), and the ability, at this point it would be wise to consider reformatting and reinstalling your operating system and applications. We can provide you with some helpful links if needed. (link to internal topic when completed)


If you used the infected system for online banking, any online financial transactions (including eBay and Paypal), or access any sensitive information online, please use a known clean computer, and change your passwords as soon as possible. It would also be wise to contact those same financial institutions to let them know your account information and passwords may have been compromised. Closely monitor all bank and credit card statements. In the event you do notice suspicious activity, it's important you act quickly. Follow these steps recommended by the FTC: Defend: Recover From Identity Theft.



Good news is everything found by the Kaspersky scan is either quarantined or in System Restore, which we will flush out.

Please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot.


And

Nice job, your log is clean! :)
How is it running?
Please use the following suggestions to help prevent reinfection:
  • Download the following programs, for keeping crap off your system to begin with:
    Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
    Download
    Spyware Blaster
    Spyware Guard
    IE-Spyad


  • Online scan
    For an added check run an online virus scan, you can use one of the 2 below,
    TrendMicro's HouseCall
    ActiveScan


  • Clean out Temp Folders
    Be sure to give the Temp folders a cleaning out now and then as well. A handy tool to do this:
    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use the Firefox browser, click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use the Opera browser, click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


  • Updating Java and Clearing Cache:
    • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
    • It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
    • If you are unable to update you can manually update by going Here
    • After the reboot, go back into the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
        Downloaded Applications
        Other Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.

  • Windows Updates
    Remember to check Windows for updates.


  • Flush System Restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)
    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    2. Restart your computer.
    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.
    System Restore will now be active again.


To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


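The Kaspersky report in #29 lists one detection per line, and the triage in #30 turns on where each flagged file sits: inside a removal tool's quarantine, inside a System Restore point, or still live on disk. As an added example (not a tool from this thread), the Python script below parses that report format and separates the three cases, so the live hits that still need removal are not lost among quarantined copies; the quarantine folder prefixes are assumed from the paths seen in the log.

```python
"""Triage a Kaspersky Online Scanner report by the location of each detection.

Added example, not a tool used in the thread. Quarantine prefixes are assumed
from the paths that appear in the posted log.
"""
import re
from collections import Counter

# Folders where the removal tools seen in the thread park copies of what they
# removed (qoobox, SDFix backups, OTMoveIt MovedFiles, Deckard's backup,
# Spybot's Recovery). Files under these paths are inert copies, not running code.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\sdfix\\backups\\",
    "c:\\_otmoveit\\movedfiles\\",
    "c:\\deckard\\system scanner\\",
    "c:\\documents and settings\\all users\\application data\\spybot - search & destroy\\recovery\\",
)
# System Restore snapshots: _restore{GUID}\RPnnn\...; cleaned by flushing restore points.
RESTORE_RE = re.compile(r"^c:\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.I)

# One detection per line: "<path> Infected: <verdict> <action>".
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\S+)$")
# Archive roll-up lines only repeat members that were already reported individually.
ARCHIVE_SUMMARY_RE = re.compile(r"^.+? ZIP: infected - \d+ \S+$")


def classify_location(path: str) -> str:
    """Return 'restore_point', 'quarantined' or 'live' for a reported path."""
    p = path.lower()
    if RESTORE_RE.match(p):
        return "restore_point"
    if any(p.startswith(prefix) for prefix in QUARANTINE_PREFIXES):
        return "quarantined"
    return "live"


def parse_report(text: str) -> list[dict]:
    """Extract detections, skipping locked objects, headers and archive roll-ups."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ARCHIVE_SUMMARY_RE.match(line):
            continue
        m = INFECTED_RE.match(line)
        if not m:
            continue  # "Object is locked skipped" and header lines carry no verdict
        path = m.group("path")
        # Archive members are written as "<archive>/<member>"; classify by the archive.
        archive = path.split("/", 1)[0]
        findings.append({
            "path": path,
            "verdict": m.group("verdict"),
            "location": classify_location(archive),
        })
    return findings


def summarize(findings) -> Counter:
    """Count detections per location class."""
    return Counter(f["location"] for f in findings)


def live_findings(findings) -> list[tuple[str, str]]:
    """Detections outside any quarantine or restore point: these still need removal."""
    return [(f["path"], f["verdict"]) for f in findings if f["location"] == "live"]


# Constructed sample in the report's format, using a few lines of the shape seen in the thread.
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\Deckard\\System Scanner\\20070929203551\\backup\\DOCUME~1\\HP_Owner\\LOCALS~1\\Temp\\images_009.zip/image009.JPG-www.imgshack.com Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\\Deckard\\System Scanner\\20070929203551\\backup\\DOCUME~1\\HP_Owner\\LOCALS~1\\Temp\\images_009.zip ZIP: infected - 1 skipped
C:\\Documents and Settings\\HP_Owner\\NTUSER.DAT Object is locked skipped
C:\\qoobox\\Quarantine\\C\\WINDOWS\\system32\\jrldbynu.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\\System Volume Information\\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\\RP374\\A0085100.exe Infected: Backdoor.Win32.IRCBot.ahm skipped
C:\\WINDOWS\\system32\\ny.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\\_OTMoveIt\\MovedFiles\\WINDOWS\\Security\\msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
Scan process completed.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(dict(summarize(found)))
    for path, verdict in live_findings(found):
        print("STILL LIVE:", path, verdict)
```

Anything the script reports as live is a file the scanner found outside every quarantine and restore point, which is the set to hand back to the helper for removal before flushing System Restore.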