Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 33

Thread: Novice in need of SERIOUS help! Can't even open browsers.

  1. #21
    Junior Member
    Join Date
    Apr 2009
    Posts
    17

    Default

    I will save the CFScript and attempt to manually update/install Adobe, Java and ATF Cleaner but I still don't have the ability to drag and drop files or internet access. Also to answer your question, user accounts and network connections are still empty and system restore is still disabled unfortunately.

    Thanks.

  2. #22
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    @echo off
    c:
    cd\
    dir /a /s svchost.exe >c:\fileLocation.txt

    Double-click on fixes.bat file to execute it. Post back contents of c:\fileLocation.txt file.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #23
    Junior Member
    Join Date
    Apr 2009
    Posts
    17

    Default

    Hi,

    I attempted to install an updated version of Adobe Reader and remove my current version of java, as you said in a previous post, but received a message saying Windows Install service could not be accessed (I'm not in safe mode).

    I was able to run ATF Cleaner without any problems but without internet acces, I wasn't able to complete Kaspersky online scanner.

    I executed fixes.bat again and posted the current log below.

    Volume in drive C has no label.
    Volume Serial Number is EC2E-9014

    Directory of C:\I386

    08/29/2002 05:00 AM 12,800 SVCHOST.EXE
    1 File(s) 12,800 bytes

    Directory of C:\WINDOWS\$NtServicePackUninstall$

    08/29/2002 05:00 AM 12,800 svchost.exe
    1 File(s) 12,800 bytes

    Directory of C:\WINDOWS\ServicePackFiles\i386

    08/04/2004 02:56 AM 14,336 svchost.exe
    1 File(s) 14,336 bytes

    Directory of C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e

    04/13/2008 07:12 PM 14,336 svchost.exe
    1 File(s) 14,336 bytes

    Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e

    04/13/2008 07:12 PM 14,336 svchost.exe
    1 File(s) 14,336 bytes

    Total Files Listed:
    5 File(s) 68,608 bytes
    0 Dir(s) 51,839,774,720 bytes free

  4. #24
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    I attempted to install an updated version of Adobe Reader and remove my current version of java, as you said in a previous post, but received a message saying Windows Install service could not be accessed (I'm not in safe mode).

    I was able to run ATF Cleaner without any problems but without internet acces, I wasn't able to complete Kaspersky online scanner.
    Let's leave those for a moment.


    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


    Upload following file to http://www.virustotal.com and post back the results:
    C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #25
    Junior Member
    Join Date
    Apr 2009
    Posts
    17

    Default

    I'm still having problems moving files. I tried to get the file on a disc or flash to transfer to another computer and upload to the website you provided but was unable to do so. Cut/Paste, Ctrl+C/V and 'Send To' are all still unsuccessful.

    Thanks.

  6. #26
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Please create following batch file. It will copy the file to G: drive (make sure there is something to copy to).

    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    @echo off
    copy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe g:

    Double-click on fixes.bat file to execute it. After that you should have svchost.exe file on G: drive. Upload it to VirusTotal. Let me know how that goes
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #27
    Junior Member
    Join Date
    Apr 2009
    Posts
    17

    Default

    The results are shown below.


    File svchost.exe received on 05.08.2009 03:01:13 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


    Result: 0/39 (0%)

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.05.08 -
    AhnLab-V3 5.0.0.2 2009.05.07 -
    AntiVir 7.9.0.160 2009.05.07 -
    Antiy-AVL 2.0.3.1 2009.05.07 -
    Authentium 5.1.2.4 2009.05.07 -
    Avast 4.8.1335.0 2009.05.07 -
    AVG 8.5.0.327 2009.05.07 -
    BitDefender 7.2 2009.05.08 -
    CAT-QuickHeal 10.00 2009.05.06 -
    ClamAV 0.94.1 2009.05.08 -
    Comodo 1154 2009.05.06 -
    DrWeb 5.0.0.12182 2009.05.08 -
    eSafe 7.0.17.0 2009.05.07 -
    eTrust-Vet 31.6.6495 2009.05.08 -
    F-Prot 4.4.4.56 2009.05.07 -
    F-Secure 8.0.14470.0 2009.05.08 -
    Fortinet 3.117.0.0 2009.05.07 -
    GData 19 2009.05.08 -
    Ikarus T3.1.1.49.0 2009.05.08 -
    K7AntiVirus 7.10.728 2009.05.07 -
    Kaspersky 7.0.0.125 2009.05.07 -
    McAfee 5608 2009.05.07 -
    McAfee+Artemis 5608 2009.05.07 -
    McAfee-GW-Edition 6.7.6 2009.05.08 -
    Microsoft 1.4602 2009.05.07 -
    NOD32 4061 2009.05.07 -
    Norman 6.01.05 2009.05.07 -
    nProtect 2009.1.8.0 2009.05.07 -
    Panda 10.0.0.14 2009.05.07 -
    PCTools 4.4.2.0 2009.05.07 -
    Prevx 3.0 2009.05.08 -
    Rising 21.28.32.00 2009.05.07 -
    Sophos 4.41.0 2009.05.08 -
    Sunbelt 3.2.1858.2 2009.05.08 -
    Symantec 1.4.4.12 2009.05.08 -
    TheHacker 6.3.4.1.321 2009.05.07 -
    TrendMicro 8.950.0.1092 2009.05.07 -
    ViRobot 2009.5.7.1723 2009.05.07 -
    VirusBuster 4.6.5.0 2009.05.07 -
    Additional information
    File size: 14336 bytes
    MD5...: 27c6d03bcdb8cfeb96b716f3d8be3e18
    SHA1..: 49083ae3725a0488e0a8fbbe1335c745f70c4667
    SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
    SHA512: 1ea76bd898f96603f3aec695eb7bedcef8b4e1b27253ecb98035ac5ea42745c0
    da6b5523f8848cb0e6acb58710d8f2973368763e7b3895fa28d999552c9030d3
    ssdeep: 384:IDvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:INcG6xlCRaJKGOA7S
    HJ

    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2509
    timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2c00 0x2c00 6.29 f6589e1ed3da6afefb0b4294d9ff7f2e
    .data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
    .rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882

    ( 4 imports )
    > ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
    > KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
    > ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
    > RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening

    ( 0 exports )

    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
    ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=27c6d03bcdb8cfeb96b716f3d8be3e18' target='_blank'>http://www.threatexpert.com/report.aspx?md5=27c6d03bcdb8cfeb96b716f3d8be3e18</a>

  8. #28
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Let's see if this works.

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe | C:\Windows\system32\svchost.exe
    C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe | C:\Windows\system32\dllcache\svchost.exe
    
    Folder::
    c:\program files\LimeWire
    
    DDS::
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-

    Save this as
    CFScript.txt

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.


    Now you should have ComboFix.exe file and CFScript.txt file on your desktop.


    Please try following:
    Click start->run. In the runbox write this bolded command (remember quotes):
    "%userprofile%\desktop\ComboFix.exe" "%userprofile%\desktop\CFScript.txt"

    Then post the resultant log & a fresh hjt log.


    Combofix should never take more that 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #29
    Junior Member
    Join Date
    Apr 2009
    Posts
    17

    Default

    Hi,

    Here are the current ComboFix and HJT logs.


    ComboFix 09-05-02.3 - Emery 05/08/2009 17:19.7 - NTFSx86
    Running from: c:\documents and settings\Emery\desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Emery\desktop\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\LimeWire
    c:\program files\LimeWire\data.ser
    c:\program files\LimeWire\lib\aopalliance.jar
    c:\program files\LimeWire\lib\clink.jar
    c:\program files\LimeWire\lib\commons-httpclient.jar
    c:\program files\LimeWire\lib\commons-logging.jar
    c:\program files\LimeWire\lib\commons-net.jar
    c:\program files\LimeWire\lib\commons-pool.jar
    c:\program files\LimeWire\lib\daap.jar
    c:\program files\LimeWire\lib\forms.jar
    c:\program files\LimeWire\lib\foxtrot.jar
    c:\program files\LimeWire\lib\gettext-commons.jar
    c:\program files\LimeWire\lib\guice-1.0.jar
    c:\program files\LimeWire\lib\hashes
    c:\program files\LimeWire\lib\httpcore-nio.jar
    c:\program files\LimeWire\lib\httpcore.jar
    c:\program files\LimeWire\lib\icu4j.jar
    c:\program files\LimeWire\lib\id3v2.jar
    c:\program files\LimeWire\lib\jcraft.jar
    c:\program files\LimeWire\lib\jdic.dll
    c:\program files\LimeWire\lib\jdic.jar
    c:\program files\LimeWire\lib\jdic_stub.jar
    c:\program files\LimeWire\lib\jflac.jar
    c:\program files\LimeWire\lib\jl.jar
    c:\program files\LimeWire\lib\jmdns.jar
    c:\program files\LimeWire\lib\jogg.jar
    c:\program files\LimeWire\lib\jorbis.jar
    c:\program files\LimeWire\lib\LimeWire.ico
    c:\program files\LimeWire\lib\LimeWire.jar
    c:\program files\LimeWire\lib\log4j.jar
    c:\program files\LimeWire\lib\log4j.properties
    c:\program files\LimeWire\lib\looks.jar
    c:\program files\LimeWire\lib\messages.jar
    c:\program files\LimeWire\lib\mp3spi.jar
    c:\program files\LimeWire\lib\ProgressTabs.jar
    c:\program files\LimeWire\lib\swt.jar
    c:\program files\LimeWire\lib\SystemUtilities.dll
    c:\program files\LimeWire\lib\SystemUtilitiesA.dll
    c:\program files\LimeWire\lib\themes.jar
    c:\program files\LimeWire\lib\tray.dll
    c:\program files\LimeWire\lib\tritonus.jar
    c:\program files\LimeWire\lib\vorbisspi.jar
    c:\program files\LimeWire\LimeWire On Startup.lnk
    c:\program files\LimeWire\LimeWire.exe
    c:\program files\LimeWire\LimeWire.ico
    c:\program files\LimeWire\pmf.ico
    c:\program files\LimeWire\root\magnet10\badge.img
    c:\program files\LimeWire\root\magnet10\canHandle.img
    c:\program files\LimeWire\root\magnet10\limewire.gif
    c:\program files\LimeWire\root\magnet10\options.js
    c:\program files\LimeWire\root\magnet10\silentdetect.js
    c:\program files\LimeWire\SOURCE

    .
    --------------- FCopy ---------------

    c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe --> c:\windows\system32\svchost.exe
    c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe --> c:\windows\system32\dllcache\svchost.exe
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
    .

    2009-05-08 22:19 . 2008-04-14 00:12 14336 ----a-w c:\windows\system32\dllcache\svchost.exe
    2009-05-08 22:19 . 2008-04-14 00:12 14336 ----a-w c:\windows\system32\svchost.exe
    2009-04-28 23:10 . 2009-04-28 23:10 -------- d-----w C:\HbTools
    2009-04-28 23:10 . 2009-03-01 07:25 -------- d-----w C:\Download Manager
    2009-04-28 04:03 . 2009-04-28 04:03 2 --shatr c:\windows\winstart.bat
    2009-04-28 04:03 . 2009-03-01 00:32 -------- d-----w c:\program files\UnHackMe
    2009-04-28 02:37 . 2009-04-28 02:37 -------- d-----w c:\program files\Trend Micro
    2009-04-28 02:27 . 2008-06-19 21:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
    2009-04-28 02:26 . 2009-04-28 02:26 -------- d-----w c:\program files\Panda Security
    2009-04-27 01:28 . 2009-04-27 01:28 -------- d-----w c:\program files\iPod
    2009-04-27 01:28 . 2009-04-27 01:29 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-27 01:28 . 2009-04-27 01:29 -------- d-----w c:\program files\iTunes
    2009-04-25 05:04 . 2009-04-25 05:17 -------- d-----w c:\program files\Holdem Indicator
    2009-04-25 04:17 . 2009-04-25 18:29 -------- d-----w c:\program files\Incomplete

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-08 22:20 . 2007-09-25 23:20 -------- d-----w c:\program files\LogMeIn
    2009-04-28 04:06 . 2003-09-23 16:58 6 ---ha-w c:\windows\Tasks\SA.DAT
    2009-04-27 20:47 . 2009-03-07 21:47 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
    2009-04-27 01:28 . 2008-01-28 03:46 -------- d-----w c:\program files\Common Files\Apple
    2009-04-23 17:09 . 2008-05-21 04:15 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
    2009-03-26 23:45 . 2008-02-06 05:04 -------- d-----w c:\program files\SmartDraw 2008
    2009-03-26 22:48 . 2008-11-29 16:27 -------- d-----w c:\program files\Full Tilt Poker
    2009-03-26 22:48 . 2003-09-23 17:14 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-12 22:56 . 2008-01-28 03:50 -------- d-----w c:\program files\Bonjour
    2009-03-12 22:55 . 2009-03-12 22:55 -------- d-----w c:\program files\QuickTime
    2009-03-07 22:00 . 2009-03-07 22:01 410984 ----a-w c:\windows\system32\deploytk.dll
    2007-08-09 19:08 . 2007-10-31 19:32 8784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
    2007-08-09 19:10 . 2007-10-31 19:32 245408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-07 136600]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
    "nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-10-06 741376]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2008-1-29 884840]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-1-22 815104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-31 22:09 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-18 03:39 87352 ----a-w c:\windows\SYSTEM32\LMIinit.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1002:TCP"= 1002:TCP:Port required for Monsoon
    "2112:TCP"= 2112:TCP:Port required for Monsoon
    "11123:UDP"= 11123:UDP:Port required for Monsoon
    "1433:UDP"= 1433:UDP:SQL required for Monsoon
    "1434:UDP"= 1434:UDP:SQL required for Monsoon

    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
    R4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-31 107272]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-18 47640]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - AegisP
    *Deregistered* - AFD
    *Deregistered* - Apple Mobile Device
    *Deregistered* - audstub
    *Deregistered* - avg8wd
    *Deregistered* - AvgLdx86
    *Deregistered* - AvgMfx86
    *Deregistered* - AvgTdiX
    *Deregistered* - Beep
    *Deregistered* - Bonjour Service
    *Deregistered* - Creative Service for CDROM Access
    *Deregistered* - CryptSvc
    *Deregistered* - ctsfm2k
    *Deregistered* - dmio
    *Deregistered* - dmload
    *Deregistered* - Fastfat
    *Deregistered* - Fips
    *Deregistered* - FLEXnet Licensing Service
    *Deregistered* - FltMgr
    *Deregistered* - Ftdisk
    *Deregistered* - Gpc
    *Deregistered* - i2omgmt
    *Deregistered* - IpNat
    *Deregistered* - IPSec
    *Deregistered* - IPVNMon
    *Deregistered* - KSecDD
    *Deregistered* - LMIInfo
    *Deregistered* - LMIMaint
    *Deregistered* - lmimirr
    *Deregistered* - LMIRfsDriver
    *Deregistered* - LogMeIn
    *Deregistered* - mnmdd
    *Deregistered* - MountMgr
    *Deregistered* - MRxDAV
    *Deregistered* - MRxSmb
    *Deregistered* - Msfs
    *Deregistered* - mssmbios
    *Deregistered* - Mup
    *Deregistered* - NDIS
    *Deregistered* - NdisTapi
    *Deregistered* - Ndisuio
    *Deregistered* - NdisWan
    *Deregistered* - NDProxy
    *Deregistered* - NetBIOS
    *Deregistered* - NetBT
    *Deregistered* - Npfs
    *Deregistered* - Ntfs
    *Deregistered* - Null
    *Deregistered* - NVSvc
    *Deregistered* - omci
    *Deregistered* - ossrv
    *Deregistered* - PartMgr
    *Deregistered* - ParVdm
    *Deregistered* - pavboot
    *Deregistered* - PfModNT
    *Deregistered* - PptpMiniport
    *Deregistered* - PSched
    *Deregistered* - RasAcd
    *Deregistered* - Rasl2tp
    *Deregistered* - RasMan
    *Deregistered* - RasPppoe
    *Deregistered* - Raspti
    *Deregistered* - Rdbss
    *Deregistered* - RDPCDD
    *Deregistered* - rdpdr
    *Deregistered* - RpcSs
    *Deregistered* - rspndr
    *Deregistered* - sr
    *Deregistered* - swenum
    *Deregistered* - TapiSrv
    *Deregistered* - Tcpip
    *Deregistered* - TermDD
    *Deregistered* - Udfs
    *Deregistered* - Update
    *Deregistered* - VgaSave
    *Deregistered* - VolSnap
    *Deregistered* - Wanarp
    *Deregistered* - WMDM PMSP Service

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = hxxp://smbusiness.dellnet.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: turbotax.com
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Emery\Application Data\Mozilla\Firefox\Profiles\k5fal1u5.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 17:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(476)
    c:\windows\system32\LMIinit.dll
    .
    Completion time: 2009-05-08 17:25
    ComboFix-quarantined-files.txt 2009-05-08 22:24
    ComboFix2.txt 2009-05-04 22:40
    ComboFix3.txt 2009-05-03 22:15
    ComboFix4.txt 2009-05-02 16:58
    ComboFix5.txt 2009-05-08 22:19

    Pre-Run: 51,832,668,160 bytes free
    Post-Run: 51,833,466,880 bytes free

    285 --- E O F --- 2009-03-27 00:19




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:27:05 PM, on 5/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-736787804-439403450-724691193-1006\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User '?')
    O4 - HKUS\S-1-5-21-736787804-439403450-724691193-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-736787804-439403450-724691193-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201499207625
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 10224 bytes

  10. #30
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Looks a bit better. Are you able to access net and run Kaspersky online scanner now?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •