Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help - Possible Trojan Infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help - Possible Trojan Infection

Unread postby Kupuham » August 23rd, 2007, 10:12 pm

Accidentally clicked ran an exe on a crack .rar, without virus scanning first. After a small lag posterior to clicking the .exe, I remenbered to do the scan, and AVG found and removed Backdoor.hupigon.bfa, but I think it would not remove all of it after it was run.
I think i wouldnt have anything else, have Avast!, ZAP pro, regular checks with Ad-Aware and Spybot.

Regards,
Kupuham

Logfile of HijackThis v1.99.1
Scan saved at 18:11:01, on 22/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avast\aswUpdSv.exe
C:\Arquivos de programas\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG7\avgamsvr.exe
C:\ARQUIV~1\AVG7\avgupsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Avast\ashMaiSv.exe
C:\Arquivos de programas\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\ARQUIV~1\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Logitech\Profiler\lwemon.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wscntfy.exe
c:\arquivos de programas\anti spyware\a-squared free\a2free.exe
C:\Arquivos de programas\Anti Spyware\a-squared Free\a2service.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\usuário\Desktop\PC Diag\Tcpview.exe
C:\Documents and Settings\usuário\Desktop\PC Diag\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Arquivos de programas\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\ROBOTG~1\Spyberus\RGIEMon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\Anti Spyware\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Kupuham
Active Member
 
Posts: 11
Joined: August 22nd, 2007, 3:19 pm
Advertisement
Register to Remove

Unread postby askey127 » August 26th, 2007, 10:36 am

Kupuham,
You may be wondering why it has taken so long to receive an answer to your log. I can help you guess. The policy of this forum is that no one who is found to have pirated or cracked software on their computer will be helped on this forum. So Posters who use pirated software and cracks do not engender a lot of sympathy. You likely got infected by using cracked software or visiting crack sites, as you have said.

Please let me tell you ahead of time that the first discovered instance of cracked or pirated software installed on your machine will result in the termination of our help, without further notice. This includes the operating system and any installed applications. This part of our policy is not negotiable.

Now, about the difficulty that caused you to post:
The very dangerous infection, "Backdoor.hupigon" , gives remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.

You are strongly advised to do the following immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Because of the infection's backdoor functionality, the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned" and reconnected to the internet. (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).
If you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so, under the conditions outlined above. This is your choice to make.

To help you make a more informed decision, you can read the following articles:

Should you have any further questions, please feel free to ask.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Kupuham » August 26th, 2007, 10:46 am

Yes I would like to try and clean my computer, even though I have the "resources" to re-install windows, (my copy is legitimate)
Kupuham
Active Member
 
Posts: 11
Joined: August 22nd, 2007, 3:19 pm

Unread postby askey127 » August 26th, 2007, 11:46 am

Kupuham,
-------------------------------------------------------
When you answer, please post all your responses as a Reply to this same topic.
Use the Post Reply button. Please Do not use New Topic.
While we are working on your computer, please DO NOT Turn OFF either System Restore or your Firewall.
If there is anything you can't do, or any instruction that you don't understand, then please let me know in a reply.
-----------------------------------------------------------
Set Your Computer to Show All Files
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading, select Show hidden files and folders.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
-----------------------------------------------------------
You have two antivirus programs on your PC at the same time. They will conflict with each other and cause system instability and/or improper AntiVirus protection.
Choose to keep just one: either the Avast or AVG Antivirus, and Uninstall the other, Using Start, Control Panel, Add/Remove Programs.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck "Only delete files in Windows Temp folders older than 48 hours".
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------
Using Internet Explorer, Please Do an Online Scan with Kaspersky WebScanner.
Go here to run an online scannner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept". After reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log to your Desktop as filename KAV.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply. Please also post the contents of KAV.txt and CCleaner's install.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Kupuham » August 26th, 2007, 12:06 pm

Thanks for your help!
On the anti virus issue, I just swapped to avast!, being told that it is better then AVG, but left AVG deactivated but installed in case I wanted to use it again.

I ran Kaspersky three days ago, should I still run it again?
In any case, here are the results from Kaspersky and CCleaner.

KASPERSKY ONLINE SCANNER REPORT
Thursday, August 23, 2007 7:54:24 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/08/2007
Kaspersky Anti-Virus database records: 387382
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 239666
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:48:56

Infected Object Name Virus Name Last Action
C:\Arquivos de programas\Avast\DATA\aswResp.dat Object is locked skipped
C:\Arquivos de programas\Avast\DATA\Avast4.db Object is locked skipped
C:\Arquivos de programas\Avast\DATA\integ\avast.int Object is locked skipped
C:\Arquivos de programas\Avast\DATA\log\AshWebSv.ws Object is locked skipped
C:\Arquivos de programas\Avast\DATA\log\aswMaiSv.log Object is locked skipped
C:\Arquivos de programas\Avast\DATA\log\nshield.log Object is locked skipped
C:\Arquivos de programas\Avast\DATA\report\Proteção residente.txt Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Crypto\RSA\MachineKeys\69e6fca8d0a95dd9d44bece0416c641f_79e3f085-b771-4cf0-83f9-6f084d2f3668 Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Crypto\RSA\MachineKeys\7f70c3aa9489e755f10e3750ab1d9379_79e3f085-b771-4cf0-83f9-6f084d2f3668 Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Crypto\RSA\MachineKeys\d1ebe2080980ba0635bd89760d3e78e5_79e3f085-b771-4cf0-83f9-6f084d2f3668 Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Crypto\RSA\MachineKeys\d24746990a7e62279c2dce1bba3f4b3d_79e3f085-b771-4cf0-83f9-6f084d2f3668 Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\usuário\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\usuário\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\usuário\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\usuário\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\usuário\Configurações locais\Temp\~DF9578.tmp Object is locked skipped
C:\Documents and Settings\usuário\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\usuário\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\usuário\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\usuário\ntuser.dat Object is locked skipped
C:\Documents and Settings\usuário\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{70283F15-8AF0-4C88-8775-2D60F29E6564}\RP410\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\JEFFERSON.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT0365b.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0365e.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

a-squared Free 3.0
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
Age of Empires III - The WarChiefs
Age of Empires III
Ant Renamer
Apple Software Update
ArcSoft PhotoStudio 2000
AsusUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)
Atualização de Segurança para Windows Internet Explorer 7 (KB928090)
Atualização de Segurança para Windows Internet Explorer 7 (KB929969)
Atualização de Segurança para Windows Internet Explorer 7 (KB931768)
Atualização de Segurança para Windows Internet Explorer 7 (KB933566)
Atualização de Segurança para Windows Internet Explorer 7 (KB937143)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows XP (KB890046)
Atualização de Segurança para Windows XP (KB893756)
Atualização de Segurança para Windows XP (KB896358)
Atualização de Segurança para Windows XP (KB896423)
Atualização de Segurança para Windows XP (KB896424)
Atualização de Segurança para Windows XP (KB896428)
Atualização de Segurança para Windows XP (KB899587)
Atualização de Segurança para Windows XP (KB899591)
Atualização de Segurança para Windows XP (KB901017)
Atualização de Segurança para Windows XP (KB901214)
Atualização de Segurança para Windows XP (KB902400)
Atualização de Segurança para Windows XP (KB904706)
Atualização de Segurança para Windows XP (KB905414)
Atualização de Segurança para Windows XP (KB905749)
Atualização de Segurança para Windows XP (KB908519)
Atualização de Segurança para Windows XP (KB911562)
Atualização de Segurança para Windows XP (KB911567)
Atualização de Segurança para Windows XP (KB911927)
Atualização de Segurança para Windows XP (KB912919)
Atualização de Segurança para Windows XP (KB913580)
Atualização de Segurança para Windows XP (KB914388)
Atualização de Segurança para Windows XP (KB914389)
Atualização de Segurança para Windows XP (KB917422)
Atualização de Segurança para Windows XP (KB917953)
Atualização de Segurança para Windows XP (KB918118)
Atualização de Segurança para Windows XP (KB918439)
Atualização de Segurança para Windows XP (KB919007)
Atualização de Segurança para Windows XP (KB920213)
Atualização de Segurança para Windows XP (KB920214)
Atualização de Segurança para Windows XP (KB920670)
Atualização de Segurança para Windows XP (KB920683)
Atualização de Segurança para Windows XP (KB920685)
Atualização de Segurança para Windows XP (KB921398)
Atualização de Segurança para Windows XP (KB921503)
Atualização de Segurança para Windows XP (KB921883)
Atualização de Segurança para Windows XP (KB922616)
Atualização de Segurança para Windows XP (KB922819)
Atualização de Segurança para Windows XP (KB923191)
Atualização de Segurança para Windows XP (KB923414)
Atualização de Segurança para Windows XP (KB923694)
Atualização de Segurança para Windows XP (KB923980)
Atualização de Segurança para Windows XP (KB924191)
Atualização de Segurança para Windows XP (KB924270)
Atualização de Segurança para Windows XP (KB924667)
Atualização de Segurança para Windows XP (KB925902)
Atualização de Segurança para Windows XP (KB926255)
Atualização de Segurança para Windows XP (KB926436)
Atualização de Segurança para Windows XP (KB927779)
Atualização de Segurança para Windows XP (KB927802)
Atualização de Segurança para Windows XP (KB928255)
Atualização de Segurança para Windows XP (KB928843)
Atualização de Segurança para Windows XP (KB929123)
Atualização de Segurança para Windows XP (KB930178)
Atualização de Segurança para Windows XP (KB931261)
Atualização de Segurança para Windows XP (KB931784)
Atualização de Segurança para Windows XP (KB932168)
Atualização de Segurança para Windows XP (KB935839)
Atualização de Segurança para Windows XP (KB935840)
Atualização de Segurança para Windows XP (KB936021)
Atualização de Segurança para Windows XP (KB938829)
Atualização para Windows XP (KB894391)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB900485)
Atualização para Windows XP (KB904942)
Atualização para Windows XP (KB908531)
Atualização para Windows XP (KB910437)
Atualização para Windows XP (KB911280)
Atualização para Windows XP (KB916595)
Atualização para Windows XP (KB920342)
Atualização para Windows XP (KB920872)
Atualização para Windows XP (KB922582)
Atualização para Windows XP (KB925720)
Atualização para Windows XP (KB925876)
Atualização para Windows XP (KB927891)
Atualização para Windows XP (KB929338)
Atualização para Windows XP (KB930916)
Atualização para Windows XP (KB931836)
Atualização para Windows XP (KB936357)
Atualização para Windows XP (KB938828)
Audacity 1.2.6
avast! Antivirus
AVG 7.5
Battlefield 2(TM)
Battlefield 2: Special Forces
Canon CanoCraft CS-P 3.8
Canon ScanGear Toolbox CS 2.2
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
CCC Help English
ccc-core-preinstall
ccc-core-static
ccc-utility
CCleaner (remove only)
Chessmaster 10th Edition
City Life Deluxe
Combined Community Codec Pack 2007-02-22
Command & Conquer Generals
Community Expansion Pack version 1.01b
Company of Heroes
Counter-Strike: Condition Zero
DAEMON Tools
Diablo II
DirectVobSub (remove only)
Disc2Phone
EZ Macros
F-22 Lightning 3
Galactic Civilizations II
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix para Windows XP (KB914440)
HP Deskjet 3840
HP L1740 Driver Software
HP Update
HPSU306Stub
IRPF2007 - Declaração de Ajuste Anual
Java(TM) 6 Update 2
Kaspersky Online Scanner
L&H TTS3000 Português (Brasil)
Logitech Gaming Software
Messenger Plus! Live
Metal Gear Solid
MetalGearSolid2 Substance
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Language Pack - PTB
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional com FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.6)
Mp3tag v2.38
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Need for Speed Underground 2
Need for Speedâ„¢ Carbon
Need for Speedâ„¢ Most Wanted
Nero OEM
neroxml
Network Addon Mod Version June 2007
Neverwinter Nights
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion
Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0
Painel de Controle da ATI
PC Probe II
Platform
PowerDVD
Priston Tale
Project64 1.6
Railroad Tycoon 3
RCT3 Soaked
Receitanet 2007
Rise of Nations
RollerCoaster Tycoon® 3
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung PC Studio
San Andreas Mod Installer
Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)
Sid Meier's Civilization 4 - Warlords
Sid Meier's Civilization 4
SimCity 4 Rush Hour
Skins
Skypeâ„¢ 3.5
Sony Ericsson PC Suite 1.20.173
SoundMAX
Spyberus
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Sun Download Manager 2.0 (web)
Tom Clancy's Splinter Cell Chaos Theory
Tweak UI
Unlocker 1.8.5
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VideoLAN VLC media player 0.8.6c
Vodafone 804SS USB driver Software
WA Update v3.50 beta2
WebFldrs XP
Windows Communication Foundation Language Pack - PTB
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation Language Pack (PTB)
Windows Presentation Foundation
Windows Vista Upgrade Advisor
Windows Workflow Foundation BR Language Pack
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XNote Stopwatch 1.40
Xvid 1.1.3 final uninstall
Zone Media
ZoneAlarm Pro
µTorrent
Kupuham
Active Member
 
Posts: 11
Joined: August 22nd, 2007, 3:19 pm

Unread postby Kupuham » August 26th, 2007, 12:16 pm

Booted, didnt do the Kaspersky scan, here is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 13:14:42, on 26/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avast\aswUpdSv.exe
C:\Arquivos de programas\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Anti Spyware\a-squared Free\a2service.exe
C:\ARQUIV~1\AVG7\avgamsvr.exe
C:\ARQUIV~1\AVG7\avgupsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Avast\ashWebSv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Adobe Reader 8.0\Reader\Reader_sl.exe
C:\ARQUIV~1\Avast\ashDisp.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Logitech\Profiler\lwemon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\usuário\Desktop\Download\UT1.6.1.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\usuário\Desktop\PC Diag\HijackThis.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Arquivos de programas\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\usuário\Desktop\Download\UT1.6.1.exe"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7835425890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\ROBOTG~1\Spyberus\RGIEMon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\Anti Spyware\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Kupuham
Active Member
 
Posts: 11
Joined: August 22nd, 2007, 3:19 pm

Unread postby askey127 » August 26th, 2007, 12:55 pm

Kupuham,
I don't want the AVG Services and Processes running while Avast is the primary AntiVirus.
Please UNINSTALL AVG.
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

AVG 7.5

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Please be aware that Messenger Plus bundles with it a LOP infection if you ever choose to include the "Sponsor" software.
It will ask you to agree to "Sponsor" software any time it updates.
-----------------------------------------------------------
Download F-Secure Blacklight from here:
https://europe.f-secure.com/exclude/blacklight/fsbl.exe
* Download fsbl.exe and save it to C:\
Go to Start, Run, copy in the following text and press Enter:
C:\fsbl.exe /expert
(space between fsbl.exe and /expert)

Accept the agreement, leave [X]scan through Windows Explorer checked.
Click > scan, Then > next
You'll see a list of all items found.
Don't choose Rename if something was found!
There will also be a log in C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Copy and paste the contents of this log into your next reply.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the BlackLight log.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Kupuham » August 26th, 2007, 1:27 pm

Came out clear....That would be good or bad?

08/26/07 14:04:43 [Info]: BlackLight Engine 1.0.64 initialized
08/26/07 14:04:43 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/26/07 14:04:43 [Note]: 7019 4
08/26/07 14:04:43 [Note]: 7005 0
08/26/07 14:04:54 [Note]: 7006 0
08/26/07 14:04:54 [Note]: 7022 0
08/26/07 14:04:54 [Note]: 7011 1540
08/26/07 14:04:54 [Note]: 7026 0
08/26/07 14:04:55 [Note]: 7026 0
08/26/07 14:04:59 [Note]: FSRAW library version 1.7.1022
08/26/07 14:20:11 [Note]: 7007 0



Logfile of HijackThis v1.99.1
Scan saved at 14:25:58, on 26/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avast\aswUpdSv.exe
C:\Arquivos de programas\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Anti Spyware\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Avast\ashWebSv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Adobe Reader 8.0\Reader\Reader_sl.exe
C:\ARQUIV~1\Avast\ashDisp.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Logitech\Profiler\lwemon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\usuário\Desktop\Download\UT1.6.1.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\usuário\Desktop\PC Diag\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Arquivos de programas\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\usuário\Desktop\Download\UT1.6.1.exe"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7835425890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\ROBOTG~1\Spyberus\RGIEMon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\Anti Spyware\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Kupuham
Active Member
 
Posts: 11
Joined: August 22nd, 2007, 3:19 pm

Unread postby askey127 » August 26th, 2007, 1:37 pm

Kupuham,
Your log looks OK.
If you don't have any known problems, please proceed with these:
-----------------------------------------------------------
Disable WinXP System Restore
Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. The only way to erase these files is to temporarily disable System Restore. You will lose all previous Restore points, including those likely to be infected, and a new Restore Point will be established..
- Right-click My Computer, and then click Properties.
- On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
If you are not prompted to reboot, do it on your own.
-----------------------------------------------------------
After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The Disable/Re-enable System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Re-Enable SpywareGuard
- Go to SpyWareGuard in Programs and start it up.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Kupuham » August 26th, 2007, 1:54 pm

I did the system restore "thing" but I dont have SpywareGuard installed :? Did you mean SpywareBlaster?
Kupuham
Active Member
 
Posts: 11
Joined: August 22nd, 2007, 3:19 pm

Unread postby askey127 » August 26th, 2007, 3:53 pm

kupuham,
Sorry.
I do think you are all set.
(I had incorrectly recorded that you had SpyWareGuard.):oops:

SpywareBlaster IS a very good program to prevent accidentally downloading certain malicious ActiveX files, and it uses essentially no resources.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Kupuham » August 26th, 2007, 5:23 pm

Would you say then that my computer is reasonably safe?

Also, avast! and Zone Alarm Pro, combined with weekly scans from Ad-Aware and Spybot to be a reasonable policy?
Being this a possible backdoor infection, should I keep out for weird TCP connections? (I have TCP view installed, and use it sometimes just to check things out)

Again, many thanks for your help
Kupuham
Active Member
 
Posts: 11
Joined: August 22nd, 2007, 3:19 pm

Unread postby askey127 » August 26th, 2007, 7:07 pm

I think your computer does not have any more malware on it.
There will always be the issue of a re-install after a "backdoor" infection.

I would download AVG-Anti-Spyware and either pay for it, or manually update it and run the scan weekly.
Download and Run AVG Anti-Spyware:
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.

When the program has finished, it will display the message All actions have been applied.
You should be good to go.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby askey127 » September 14th, 2007, 6:44 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
If you are the topic starter, you will need a valid, working link to the closed topic, along with the user name used.
The user name must match the one in the linked thread linked to avoid having the email deleted.

You can help support this site from this link :
Donations For Malware Removal
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 280 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware