Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Worm.Win32.NetSky [RESOLVED]

Started by nibelung_lgv , Jan 04 2008 06:02 PM

  • This topic is locked This topic is locked

#1
nibelung_lgv
Posted 04 January 2008 - 06:02 PM

nibelung_lgv

    New Member

  • Member
  • Pip
  • 8 posts
Hello, I have a little problem with my PC recently. A virus attacks it and there are popups telling I have a "Worm.win32.netsky". Also some website is opening... and it is really very annoying. Thank you in advance! :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:41:06, on 05.1.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: The ensfolr - {7D1AD5EB-9902-4FF0-986F-CA498179A53B} - C:\WINDOWS\ensfolr.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-839522115-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'multiskype')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Изследване - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4F4E4D-F829-4020-AF50-C73D5E65BB58}: NameServer = 10.73.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bklgvsf - {19945AAD-FCEC-4579-B2BE-2E48B9E487EA} - C:\WINDOWS\bklgvsf.dll
O21 - SSODL: ampkfst - {52463205-4E1E-475C-ADF6-231FDF9452C0} - C:\WINDOWS\ampkfst.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6383 bytes
  • 0

Advertisements

#2
sarahw
Posted 05 January 2008 - 07:13 AM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.
These instuctions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)
  • 0

#3
sarahw
Posted 05 January 2008 - 07:26 AM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#4
nibelung_lgv
Posted 05 January 2008 - 11:08 AM

nibelung_lgv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi again!
Here it is the ComboFix log :




ComboFix 08-01-04.1 - pc 2008-01-05 19:16:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.587 [GMT 2:00]
Running from: C:\Documents and Settings\pc\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 18:31 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 10:52 . 2008-01-05 10:52 2,302 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 10:50 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-05 10:50 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-05 10:50 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-05 10:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-05 10:50 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-05 10:50 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 00:22 . 2008-01-05 00:22 <DIR> d-------- C:\Documents and Settings\Chanka\Application Data\skypePM
2008-01-05 00:20 . 2008-01-05 00:22 <DIR> d-------- C:\Documents and Settings\Chanka\Application Data\Skype
2008-01-04 11:57 . 2008-01-04 12:04 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-04 11:57 . 2008-01-04 12:04 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-04 11:56 . 2008-01-04 11:56 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-04 11:56 . 2008-01-05 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-04 11:56 . 2008-01-05 19:21 2,860,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-04 11:56 . 2008-01-05 18:29 38,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-04 11:56 . 2008-01-05 19:21 14,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-04 11:56 . 2008-01-05 18:29 3,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-04 11:40 . 2008-01-04 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-04 01:48 . 2008-01-04 01:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 01:48 . 2008-01-04 01:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 01:46 . 2008-01-04 01:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 01:46 . 2008-01-04 02:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-03 11:04 . 2004-08-23 16:43 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-01-03 11:04 . 2004-08-23 16:43 359,040 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2007-12-29 18:56 . 2007-12-29 18:58 1,328 --a------ C:\WINDOWS\desctemp.dat
2007-12-27 03:31 . 2007-12-27 03:31 <DIR> d-------- C:\Program Files\Stardock
2007-12-27 03:29 . 2007-12-27 03:29 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-24 19:05 . 2007-12-24 19:05 <DIR> d-------- C:\Documents and Settings\Chanka\Application Data\MiniLyrics
2007-12-24 18:54 . 2007-12-24 18:54 <DIR> d-------- C:\Documents and Settings\Chanka\Application Data\Winamp
2007-12-17 18:16 . 2007-12-17 18:16 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-16 19:45 . <DIR> C:\КурсѕІ°_р°±ѕт°
2007-12-16 16:18 . 164,076 C:\КурсѕІ°_р°±ѕт°.rar
2007-12-16 16:17 . 2007-12-16 16:17 15,376 --a------ C:\bg.abv.mail.htm
2007-12-16 14:43 . 2007-12-16 14:44 <DIR> d-------- C:\Documents and Settings\multiskype\Application Data\Winamp
2007-12-16 14:43 . 2007-12-16 14:43 <DIR> d-------- C:\Documents and Settings\multiskype\Application Data\MiniLyrics
2007-12-16 13:53 . 2007-12-16 13:53 <DIR> d-------- C:\Documents and Settings\multiskype\Application Data\ICQ Toolbar
2007-12-13 17:12 . 2007-12-13 17:12 <DIR> d-------- C:\Program Files\Nero
2007-12-13 17:12 . 2007-12-13 17:12 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-13 17:12 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2007-12-13 17:12 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2007-12-13 17:12 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2007-12-13 17:12 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-12-13 17:12 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2007-12-13 17:10 . 2007-12-13 17:10 126,976 --a------ C:\keymaker.exe
2007-12-13 16:56 . 2007-12-13 17:10 45,595,104 --a------ C:\Nero-8.1.1.0_asian_lite.exe
2007-12-08 18:19 . 1999-02-16 12:09 759,427 --a------ C:\Heroes III Tutorial.pdf
2007-12-08 18:19 . 2006-01-08 22:43 1,519 --a------ C:\HOMM3.REG
2007-12-08 15:02 . 2007-12-08 15:02 <DIR> d-------- C:\Documents and Settings\Chanka\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 17:06 --------- d-----w C:\Documents and Settings\multiskype\Application Data\Skype
2008-01-05 17:05 --------- d-----w C:\Documents and Settings\multiskype\Application Data\skypePM
2008-01-05 16:30 --------- d-----w C:\Program Files\Google
2008-01-05 16:23 --------- d-----w C:\Documents and Settings\pc\Application Data\Skype
2008-01-05 11:17 --------- d-----w C:\Program Files\ICQToolbar
2008-01-05 06:03 --------- d-----w C:\Documents and Settings\pc\Application Data\skypePM
2008-01-04 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-03 09:04 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-01-01 09:35 --------- d-----w C:\Documents and Settings\pc\Application Data\MiniLyrics
2007-12-13 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-09 18:26 --------- d-----w C:\Documents and Settings\pc\Application Data\Vso
2007-11-29 20:48 --------- d-----w C:\Program Files\Alwil Software
2007-11-29 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-29 18:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 18:10 --------- d-----w C:\Program Files\IVT Corporation
2007-11-29 18:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-28 15:54 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-28 15:54 47,360 ----a-w C:\Documents and Settings\pc\Application Data\pcouffin.sys
2007-11-28 15:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-28 15:41 --------- d-----w C:\Program Files\Replay Media Catcher
2007-11-28 15:41 --------- d-----w C:\Program Files\Replay Converter
2007-11-28 15:33 --------- d-----w C:\Documents and Settings\pc\Application Data\Nero
2007-11-28 15:21 --------- d-----w C:\Documents and Settings\pc\Application Data\Apple Computer
2007-11-28 15:19 --------- d-----w C:\Program Files\QuickTime
2007-11-28 15:19 --------- d-----w C:\Program Files\Apple Software Update
2007-11-28 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-28 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-28 15:08 --------- d-----w C:\Program Files\Ultra Mobile 3GP Video Converter
2007-11-28 14:34 --------- d-----w C:\Program Files\Xilisoft
2007-11-27 17:37 --------- d-----w C:\Documents and Settings\pc\Application Data\ICQ Toolbar
2007-11-27 11:24 --------- d-----w C:\Documents and Settings\pc\Application Data\GeoVid
2007-11-27 11:22 --------- d-----w C:\Program Files\Common Files\GeoVid
2007-11-27 11:21 --------- d-----w C:\Program Files\GeoVid
2007-11-27 11:01 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-11-27 10:58 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-11-27 10:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-27 10:57 --------- d-----w C:\Documents and Settings\pc\Application Data\GetRightToGo
2007-11-27 10:51 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-11-27 10:51 --------- d-----w C:\Program Files\FLV Player
2007-11-26 13:47 2,198,525 ----a-w C:\WINDOWS\Lost Bird.scr
2007-11-25 14:51 --------- d-----w C:\Documents and Settings\pc\Application Data\ICQ
2007-11-25 09:54 --------- d-----w C:\Documents and Settings\pc\Application Data\InstallShield
2007-11-24 17:24 --------- d-----w C:\Program Files\SA Dictionary 2005 T2
2007-11-24 16:50 --------- d-----w C:\Program Files\Winamp Toolbar
2007-11-24 16:50 --------- d-----w C:\Documents and Settings\pc\Application Data\Winamp
2007-11-24 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-11-24 15:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-24 15:24 --------- d-----w C:\Program Files\Skype
2007-11-24 15:24 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-24 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-05 13:11 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-05 12:59 --------- d-----w C:\Documents and Settings\pc\Application Data\Lavasoft
2007-11-05 12:58 --------- d-----w C:\Program Files\Lavasoft
2007-11-05 12:54 --------- d-----w C:\Program Files\Crystal Player
2007-11-05 12:52 98,304 ----a-w C:\WINDOWS\system32\qttask.exe
2007-11-05 12:51 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2007-11-05 12:30 --------- d-----w C:\Program Files\Realtek
2007-11-05 12:23 --------- d-----w C:\Documents and Settings\pc\Application Data\Eset
2007-11-05 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eset
2007-11-05 11:52 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{7D1AD5EB-9902-4FF0-986F-CA498179A53B}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{7d1ad5eb-9902-4ff0-986f-ca498179a53b}]
[HKEY_CLASSES_ROOT\ensfolr.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{9F4F2CDD-5D18-4342-87A4-DFD83CBDFB65}]
[HKEY_CLASSES_ROOT\ensfolr.ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 10:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 10:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 10:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 22:05 16239616 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 20:04 2879488 C:\WINDOWS\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 15:32 89541 C:\WINDOWS\AGRSMMSG.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-23 16:28 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-11-29 20:10:46]
FlexType 2K.lnk - C:\WINDOWS\Datecs\Flex2K.exe [2007-11-05 14:56:40]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bklgvsf"= {19945AAD-FCEC-4579-B2BE-2E48B9E487EA} - C:\WINDOWS\bklgvsf.dll [ ]
"ampkfst"= {52463205-4E1E-475C-ADF6-231FDF9452C0} - C:\WINDOWS\ampkfst.dll [ ]

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-11-20 17:14]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 19:16:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 19:21:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\system32\newdll.dll
.
Completion time: 2008-01-05 19:22:38
ComboFix-quarantined-files.txt 2008-01-05 17:22:33
ComboFix2.txt 2008-01-05 16:46:52

Edited by nibelung_lgv, 05 January 2008 - 11:24 AM.

  • 0

#5
nibelung_lgv
Posted 05 January 2008 - 11:10 AM

nibelung_lgv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
And that is the HiJackThis log :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:41, on 05.1.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: The ensfolr - {7D1AD5EB-9902-4FF0-986F-CA498179A53B} - C:\WINDOWS\ensfolr.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-839522115-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'multiskype')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Изследване - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4F4E4D-F829-4020-AF50-C73D5E65BB58}: NameServer = 10.73.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bklgvsf - {19945AAD-FCEC-4579-B2BE-2E48B9E487EA} - C:\WINDOWS\bklgvsf.dll (file missing)
O21 - SSODL: ampkfst - {52463205-4E1E-475C-ADF6-231FDF9452C0} - C:\WINDOWS\ampkfst.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6514 bytes




10x :)

Edited by nibelung_lgv, 05 January 2008 - 11:25 AM.

  • 0

#6
sarahw
Posted 06 January 2008 - 07:42 AM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Before we begin this fix, can you please save these instructions in Notepad to your desktop, or print them, for reference. Some of this fix will be done in Safe mode, where you will not be able to access this thread on the internet. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

1.
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.


2.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Do not Run it yet, we will use it later. Save it somewhere you will remember, like your desktop.


3.
Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O3 - Toolbar: The ensfolr - {7D1AD5EB-9902-4FF0-986F-CA498179A53B} - C:\WINDOWS\ensfolr.dll (file missing)
O21 - SSODL: bklgvsf - {19945AAD-FCEC-4579-B2BE-2E48B9E487EA} - C:\WINDOWS\bklgvsf.dll (file missing)
O21 - SSODL: ampkfst - {52463205-4E1E-475C-ADF6-231FDF9452C0} - C:\WINDOWS\ampkfst.dll (file missing)


Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


4.
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.


5. - In Safe Mode
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\ensfolr.dll
C:\WINDOWS\bklgvsf.dll
C:\WINDOWS\ampkfst.dll


6. - In Safe Mode
Please open ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


7. - In Safe Mode
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.


8.
Post a new HijackThis log with the AVG Anstispyware log, here, in a reply. Also, please let me know of any problems you may have encountered or questions you want to ask.

Edited by sarahw, 06 January 2008 - 07:42 AM.

  • 0

#7
nibelung_lgv
Posted 06 January 2008 - 12:54 PM

nibelung_lgv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi and thanks a lot. :) I think the virus is gone.

Here are the logs:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:27, on 06.1.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
D:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abv.bg/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-839522115-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Chanka')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Изследване - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4F4E4D-F829-4020-AF50-C73D5E65BB58}: NameServer = 10.73.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6533 bytes










---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:32:44 06.1.2008 г.

+ Scan result:



Nothing found.


::Report end



PS: I don't use nor Opera browser, neither Firefox. Just Internet Explorer, so I missed the part for the browsers...
  • 0

#8
sarahw
Posted 07 January 2008 - 01:39 AM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
The Anti-Spyware scan looks good.
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Tell me how the computer is running.
  • 0

#9
nibelung_lgv
Posted 07 January 2008 - 11:04 AM

nibelung_lgv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry, the site isn't opening...

An error occurred while processing your request.
Reference #97.27b63554.1199725368.8541f38


So far the computer seems to be fine.
  • 0

#10
sarahw
Posted 08 January 2008 - 11:16 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
We'll try a different scanner.
Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

  • 0

Advertisements

#11
nibelung_lgv
Posted 09 January 2008 - 07:50 AM

nibelung_lgv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi,
I did what you said and this is the report :)




BitDefender Online Scanner



Scan report generated at: Wed, Jan 09, 2008 - 15:18:34





Scan path: C:\Documents and Settings\Chanka\My Documents;C:\Documents and Settings\pc\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;C:\Documents and Settings\pc\My Documents;C:\Documents and Settings\pc\Desktop\kopps_betahouse[1].(subs.sab.bz);C:\Documents and Settings\pc\Desktop\New Folder;C:\Documents and Settings\pc\Desktop\SmitfraudFix;







Statistics

Time
00:43:21

Files
104250

Folders
3264

Boot Sectors
3

Archives
1256

Packed Files
5405




Results

Identified Viruses
1

Infected Files
2

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
2




Engines Info

Virus Definitions
887251

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\QooBox\Quarantine\C\WINDOWS\ampkfst.dll.vir
Infected with: Trojan.Zlob.CBR

C:\QooBox\Quarantine\C\WINDOWS\ampkfst.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\ampkfst.dll.vir
Deleted

C:\System Volume Information\_restore{256667C1-80A3-4175-9CBB-5E2070CCF132}\RP62\A0027689.dll
Infected with: Trojan.Zlob.CBR

C:\System Volume Information\_restore{256667C1-80A3-4175-9CBB-5E2070CCF132}\RP62\A0027689.dll
Disinfection failed

C:\System Volume Information\_restore{256667C1-80A3-4175-9CBB-5E2070CCF132}\RP62\A0027689.dll
Deleted
  • 0

#12
sarahw
Posted 12 January 2008 - 06:05 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


  • Posted Image

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

Post a fresh Hijack This log and tell me how the computer is running.

:)
  • 0

#13
nibelung_lgv
Posted 12 January 2008 - 09:59 PM

nibelung_lgv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi

That's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:56, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\ICQ6\ICQ.exe
D:\Program Files\FlashGet\flashget.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
D:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abv.bg/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-839522115-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Chanka')
O4 - HKUS\S-1-5-21-1614895754-839522115-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'abc')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Изследване - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4F4E4D-F829-4020-AF50-C73D5E65BB58}: NameServer = 10.73.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

--
End of file - 7010 bytes





Everything's ok.
  • 0

#14
sarahw
Posted 12 January 2008 - 10:03 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Congratulations, your log is now clean. :)

1.
A well protected computer should have at least an Anti Virus and Firewall, an Anti Spyware program is also great addition to your computers security. You can find a list of free security products HERE that I like to recommend to people that will help ensure safe surfing on the internet, and to help you from getting infected again.
Note: DO NOT install more than one Antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.


2.
Windows Updates
It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there


3.
You can now Rehide your system files by using these instructions HERE


4.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read THIS article by Tony Klein.


If you have any other problems or questions be sure to ask. :)
  • 0

#15
nibelung_lgv
Posted 14 January 2008 - 10:07 AM

nibelung_lgv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I'm happy about it :) Thank you very much for your help :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP