Infected With Virus - Probably More Than One.


5 replies to this topic

#1 mercernd

  • Members
  • 2 posts

Posted 14 November 2007 - 08:22 PM

I have been battling a nasty virus for the past couple of days. I think it is possibly the smitfraud virus but I am not sure. It causes IE to constantly open fake advertisements for virus software and balloons to pop up saying my system is slow. I have tried everything to get rid of this. Ad-Aware, Stinger, Spybot Search and Destroy, XoftSpyXe, and SmitFraudFix. XoftSpyXE finds a bunch of viruses and removes them all except for c:\windows\system32\ldcore.dll (Trojan-Downloader.Win32.small) which it says it will delete after a reboot. But it doesn't. The same behavior happens in safe mode. It is scary because the popups keep happening in safe mode. As soon as I reboot and run the scan again the viruses that were removed are all back. Please help me if you can!

Thank you,
Noah

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:15 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\wamp\wampserver.exe
C:\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\uiwotmih.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ce1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net;;localhost;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tduukrvy.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [{07-7B-B2-29-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [00007b86] rundll32.exe "C:\WINDOWS\system32\qsiyvbym.dll",b
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampserver.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://login.passport.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://portal2.carmax.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://portal.carmax.com/whalecombe58a36b4...tsweb/msrdp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\uiwotmih.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 8139 bytes



#2 lusitano

    Portuguese Malware Fighter

  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal

Posted 15 November 2007 - 09:58 AM

Hi, Welcome to Bleeping Computer Forums!

You might want to save this page in your favorites, so you can find it again when you return.


Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.

:thumbsup:
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 lusitano

    Portuguese Malware Fighter

  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal

Posted 15 November 2007 - 12:00 PM

Hi,

Download ComboFix from Here or Here to your Desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#4 mercernd
  • Topic Starter

  • Members
  • 2 posts

Posted 16 November 2007 - 10:21 PM

Thanks for helping me with this problem.

Things have changed quite a bit since my first post. Yesterday I got home from work and booted up the computer to run ComboFix. I clicked on my user name to log in, but before XP finished loading it gave me a blue screen of death. Tried a second and third time and got the same results. Started in safe mode but it just sat there with a black screen for over an hour. So in desperation I attempted to repair Windows from the XP CD. It didn't work. What I did manage to do was install a second copy of Windows in the c:\windows1 directory. This seems to be running fine and I don't get any of the popups. If I run virus scans from this second Windows session will it affect the viruses in the original Windows? Can the viruses in the original Windows steal personal information typed in the second installation?

Since I can no longer get to the original windows installation I ran HijackThis and ComboFix in the new installation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:59 PM, on 11/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS1\System32\wuauclt.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS1\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS1\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe

--
End of file - 4209 bytes




ComboFix 07-11-08.1 - Family 2007-11-16 22:13:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.115 [GMT -5:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-16 10:42 143,360 --a------ C:\WINDOWS1\system32\dunzip32.dll
2007-11-16 10:40 171,240 --a------ C:\WINDOWS1\system32\drivers\mfehidk.sys
2007-11-16 10:40 109,608 --a------ C:\WINDOWS1\system32\drivers\Mpfp.sys
2007-11-16 10:40 71,496 --a------ C:\WINDOWS1\system32\drivers\mfeavfk.sys
2007-11-16 10:40 37,480 --a------ C:\WINDOWS1\system32\drivers\mfesmfk.sys
2007-11-16 10:40 34,184 --a------ C:\WINDOWS1\system32\drivers\mfebopk.sys
2007-11-16 10:40 32,008 --a------ C:\WINDOWS1\system32\drivers\mferkdk.sys
2007-11-16 10:39 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-16 10:38 <DIR> d-------- C:\Program Files\McAfee
2007-11-16 10:38 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-16 10:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\McAfee
2007-11-16 09:16 549,720 --a------ C:\WINDOWS1\system32\wuapi.dll
2007-11-16 09:16 325,976 --a------ C:\WINDOWS1\system32\wucltui.dll
2007-11-16 09:16 203,096 --a------ C:\WINDOWS1\system32\wuweb.dll
2007-11-16 09:16 186,136 --a------ C:\WINDOWS1\system32\wuaueng1.dll
2007-11-16 09:16 167,704 --a------ C:\WINDOWS1\system32\wuauclt1.exe
2007-11-16 09:16 33,624 --a------ C:\WINDOWS1\system32\wups.dll
2007-11-15 23:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\MailFrontier
2007-11-15 23:46 4,212 ---h----- C:\WINDOWS1\system32\zllictbl.dat
2007-11-15 23:44 75,248 --a------ C:\WINDOWS1\zllsputility.exe
2007-11-15 23:44 11,264 --a------ C:\WINDOWS1\system32\SpOrder.dll
2007-11-15 23:42 <DIR> d-------- C:\WINDOWS1\system32\ZoneLabs
2007-11-15 23:42 1,086,952 --a------ C:\WINDOWS1\system32\zpeng24.dll
2007-11-15 23:41 <DIR> d-------- C:\WINDOWS1\Internet Logs
2007-11-15 22:35 <DIR> d-------- C:\WINDOWS1\BDOSCAN8
2007-11-15 22:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy
2007-11-15 22:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-15 22:07 <DIR> d---s---- C:\Documents and Settings\Family\UserData
2007-11-15 21:59 <DIR> d---s---- C:\WINDOWS1\system32\Microsoft
2007-11-15 21:55 51,200 --a------ C:\WINDOWS1\NirCmd.exe
2007-11-15 19:47 696,320 --a--c--- C:\WINDOWS1\system32\dllcache\sapi.dll
2007-11-15 16:09 99,328 --a------ C:\WINDOWS1\system32\irftp.exe
2007-11-15 16:09 78,336 --a------ C:\WINDOWS1\system32\irmon.dll
2007-11-15 16:09 56,576 --a------ C:\WINDOWS1\system32\drivers\redbook.sys
2007-11-15 16:09 55,296 --a------ C:\WINDOWS1\system32\drivers\irda.sys
2007-11-15 16:09 26,624 --a------ C:\WINDOWS1\system32\drivers\alifir.sys
2007-11-15 16:09 19,584 --a------ C:\WINDOWS1\system32\drivers\rasirda.sys
2007-11-15 16:09 7,680 --a------ C:\WINDOWS1\system32\wshirda.dll
2007-11-15 16:08 231,552 --a------ C:\WINDOWS1\system32\drivers\ac97ali.sys
2007-11-15 16:08 134,272 --a------ C:\WINDOWS1\system32\drivers\portcls.sys
2007-11-15 16:08 67,072 --a------ C:\WINDOWS1\system32\usbui.dll
2007-11-15 16:08 57,856 --a------ C:\WINDOWS1\system32\drivers\drmk.sys
2007-11-15 16:08 16,074 --a------ C:\WINDOWS1\system32\drivers\FA312nd5.sys
2007-11-15 16:08 6,400 --a------ C:\WINDOWS1\system32\drivers\enum1394.sys
2007-11-15 16:08 4,096 --a------ C:\WINDOWS1\system32\ksuser.dll
2007-11-15 16:07 14,080 --a------ C:\WINDOWS1\system32\drivers\battc.sys
2007-11-15 16:07 13,184 --a------ C:\WINDOWS1\system32\drivers\CmBatt.sys
2007-11-15 16:07 9,344 --a------ C:\WINDOWS1\system32\drivers\compbatt.sys
2007-11-15 16:03 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS1\Documents
2007-11-15 16:02 <DIR> d-------- C:\WINDOWS1\system32\CatRoot2
2007-11-15 16:02 <DIR> d-------- C:\WINDOWS1\system32\CatRoot
2007-11-15 10:33 <DIR> d-------- C:\Program Files\Cool
2007-11-14 20:53 <DIR> d-------- C:\Program Files\Sygate
2007-11-11 20:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-11 19:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-11-11 17:11 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-31 20:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall
2007-10-31 20:33 <DIR> d-------- C:\Program Files\Jetico
2007-10-30 17:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2007-10-30 17:43 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2007-10-25 13:26 53,248 --a------ C:\WINDOWS1\bdoscandel.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 21:38 --------- d-----w C:\Program Files\LimeShop
2007-11-16 19:09 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-11 22:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lycos
2007-11-11 19:25 --------- d-----w C:\Program Files\Lavasoft
2007-11-02 20:08 --------- d-----w C:\Program Files\AIM6
2005-10-21 23:29 65,376 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-11-15_19.02.26.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-16 03:38:10 45,056 ----a-w C:\WINDOWS1\BDOSCAN8\avxdisk.dll
+ 2007-11-16 03:38:10 10,240 ----a-w C:\WINDOWS1\BDOSCAN8\avxs.dll
+ 2007-11-16 03:38:10 27,136 ----a-w C:\WINDOWS1\BDOSCAN8\avxt.dll
+ 2007-11-16 03:38:12 181,760 ----a-w C:\WINDOWS1\BDOSCAN8\bdcore.dll
+ 2007-10-25 18:26:48 118,784 ----a-w C:\WINDOWS1\BDOSCAN8\bdupd.dll
+ 2007-10-25 18:26:48 53,248 ----a-w C:\WINDOWS1\BDOSCAN8\ipsupd.dll
+ 2007-11-16 03:38:12 142,848 ----a-w C:\WINDOWS1\BDOSCAN8\libfn.dll
+ 2007-11-16 03:38:11 86,016 ----a-w C:\WINDOWS1\BDOSCAN8\librtvr.dll
- 2007-10-30 02:56:19 136,192 ----a-w C:\WINDOWS1\catchme.exe
+ 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS1\catchme.exe
+ 2007-10-25 18:26:48 118,784 ----a-w C:\WINDOWS1\Downloaded Program Files\bdupd.dll
+ 2007-10-25 18:26:48 53,248 ----a-w C:\WINDOWS1\Downloaded Program Files\ipsupd.dll
- 2002-08-29 20:00:00 14,848 ----a-w C:\WINDOWS1\system32\cdm.dll
+ 2007-07-31 03:19:20 92,504 ----a-w C:\WINDOWS1\system32\cdm.dll
- 2007-11-16 05:36:17 16,384 ----a-w C:\WINDOWS1\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-16 14:08:23 16,384 ----a-w C:\WINDOWS1\system32\config\systemprofile\Cookies\index.dat
- 2007-11-16 05:36:17 32,768 ----a-w C:\WINDOWS1\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-16 14:08:23 32,768 ----a-w C:\WINDOWS1\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-16 05:36:17 32,768 ----a-w C:\WINDOWS1\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-16 14:08:23 32,768 ----a-w C:\WINDOWS1\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2002-08-29 20:00:00 14,848 -c--a-w C:\WINDOWS1\system32\dllcache\cdm.dll
+ 2007-07-31 03:19:20 92,504 -c--a-w C:\WINDOWS1\system32\dllcache\cdm.dll
- 2002-08-29 20:00:00 166,912 -c--a-w C:\WINDOWS1\system32\dllcache\iuengine.dll
+ 2004-08-03 22:04:40 185,624 -c--a-w C:\WINDOWS1\system32\dllcache\iuengine.dll
- 2002-08-29 20:00:00 139,776 -c--a-w C:\WINDOWS1\system32\dllcache\wuauclt.exe
+ 2007-07-31 03:19:16 53,080 -c--a-w C:\WINDOWS1\system32\dllcache\wuauclt.exe
- 2002-08-29 20:00:00 189,440 -c--a-w C:\WINDOWS1\system32\dllcache\wuaueng.dll
+ 2007-07-31 03:19:42 1,712,984 -c--a-w C:\WINDOWS1\system32\dllcache\wuaueng.dll
- 2002-08-29 20:00:00 166,912 ----a-w C:\WINDOWS1\system32\iuengine.dll
+ 2004-08-03 22:04:40 185,624 ----a-w C:\WINDOWS1\system32\iuengine.dll
+ 2007-09-07 00:13:58 796,048 ----a-w C:\WINDOWS1\system32\libeay32_0.9.6l.dll
+ 2007-06-11 21:04:38 190,696 ----a-r C:\WINDOWS1\system32\Macromed\Flash\FlashUtil9d.exe
- 2007-11-16 05:42:01 40,190 ----a-w C:\WINDOWS1\system32\perfc009.dat
+ 2007-11-17 02:59:08 40,190 ----a-w C:\WINDOWS1\system32\perfc009.dat
- 2007-11-16 05:42:01 311,842 ----a-w C:\WINDOWS1\system32\perfh009.dat
+ 2007-11-17 02:59:08 311,842 ----a-w C:\WINDOWS1\system32\perfh009.dat
+ 2007-07-31 03:18:40 33,624 ----a-w C:\WINDOWS1\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS1\system32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS1\system32\swreg.exe
+ 2007-09-07 00:14:04 83,432 ----a-w C:\WINDOWS1\system32\vsdata.dll
+ 2007-09-07 00:14:28 395,080 ----a-w C:\WINDOWS1\system32\vsdatant.sys
+ 2007-09-07 00:14:04 157,160 ----a-w C:\WINDOWS1\system32\vsinit.dll
+ 2007-09-07 00:14:04 103,912 ----a-w C:\WINDOWS1\system32\vsmonapi.dll
+ 2007-09-07 00:14:04 275,944 ----a-w C:\WINDOWS1\system32\vspubapi.dll
+ 2007-09-07 00:14:04 71,144 ----a-w C:\WINDOWS1\system32\vsregexp.dll
+ 2007-09-07 00:14:06 472,552 ----a-w C:\WINDOWS1\system32\vsutil.dll
+ 2007-09-07 00:14:06 46,568 ----a-w C:\WINDOWS1\system32\vswmi.dll
+ 2007-09-07 00:14:06 99,816 ----a-w C:\WINDOWS1\system32\vsxml.dll
- 2002-08-29 20:00:00 139,776 ----a-w C:\WINDOWS1\system32\wuauclt.exe
+ 2007-07-31 03:19:16 53,080 ----a-w C:\WINDOWS1\system32\wuauclt.exe
- 2002-08-29 20:00:00 189,440 ----a-w C:\WINDOWS1\system32\wuaueng.dll
+ 2007-07-31 03:19:42 1,712,984 ----a-w C:\WINDOWS1\system32\wuaueng.dll
+ 2007-07-31 03:19:12 43,352 ----a-w C:\WINDOWS1\system32\wups2.dll
+ 2007-09-07 00:14:06 83,432 ----a-w C:\WINDOWS1\system32\zlcomm.dll
+ 2007-09-07 00:14:08 71,144 ----a-w C:\WINDOWS1\system32\zlcommdb.dll
+ 2007-09-07 00:13:56 370,208 ----a-w C:\WINDOWS1\system32\ZoneLabs\av.dll
+ 2007-05-31 08:03:30 65,248 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 22:47:36 21,568 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 08:03:16 77,824 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 08:03:16 110,592 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 08:03:16 331,776 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 08:03:16 38,400 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 23:10:32 110,360 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 23:10:32 186,128 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 08:03:48 110,360 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 23:10:28 127,768 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 08:03:50 45,056 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-20 07:12:14 208,960 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\inv.dll
+ 2007-08-25 03:31:48 274,432 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\kave.dll
+ 2007-07-19 23:10:32 186,128 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\klif_32.sys
+ 2006-12-20 02:13:52 1,093,632 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 08:03:20 548,864 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 08:03:20 626,688 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 08:03:18 184,320 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 08:03:22 90,112 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\prremote.dll
+ 2007-08-25 03:31:48 135,168 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-20 02:13:52 200,704 ----a-w C:\WINDOWS1\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-09-07 00:13:56 99,816 ----a-w C:\WINDOWS1\system32\ZoneLabs\camupd.dll
+ 2004-01-30 20:35:08 813,568 ----a-w C:\WINDOWS1\system32\ZoneLabs\dbghelp.dll
+ 2007-09-07 00:13:58 128,480 ----a-w C:\WINDOWS1\system32\ZoneLabs\fbl.dll
+ 2007-09-07 00:13:58 38,376 ----a-w C:\WINDOWS1\system32\ZoneLabs\featuremap.dll
+ 2007-09-07 00:13:58 321,016 ----a-w C:\WINDOWS1\system32\ZoneLabs\imsecure.dll
+ 2007-09-07 00:14:30 288,144 ----a-w C:\WINDOWS1\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-09-07 00:14:30 152,976 ----a-w C:\WINDOWS1\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-09-07 00:14:30 26,000 ----a-w C:\WINDOWS1\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-09-07 00:14:32 1,361,296 ----a-w C:\WINDOWS1\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-09-07 00:14:32 71,056 ----a-w C:\WINDOWS1\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-09-07 00:15:50 30,184 ----a-w C:\WINDOWS1\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-09-07 00:15:52 30,216 ----a-w C:\WINDOWS1\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-08-15 23:45:42 714,208 ----a-w C:\WINDOWS1\system32\ZoneLabs\qrbase.dll
+ 2007-08-15 23:45:44 787,936 ----a-w C:\WINDOWS1\system32\ZoneLabs\qrsrecl.dll
+ 2007-09-07 00:14:00 173,544 ----a-w C:\WINDOWS1\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 19:12:08 2,432,259 ----a-w C:\WINDOWS1\system32\ZoneLabs\spyware.dat
+ 2007-08-15 23:45:44 1,500,640 ----a-w C:\WINDOWS1\system32\ZoneLabs\srescan.dll
+ 2007-06-11 20:44:10 50,416 ----a-w C:\WINDOWS1\system32\ZoneLabs\srescan.sys
+ 2007-09-07 00:14:02 456,168 ----a-w C:\WINDOWS1\system32\ZoneLabs\ssleay32.dll
+ 2007-09-07 00:15:52 214,528 ----a-w C:\WINDOWS1\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-09-07 00:15:54 3,266,040 ----a-w C:\WINDOWS1\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 04:59:14 503,875 ----a-w C:\WINDOWS1\system32\ZoneLabs\upd_core.dll
+ 2007-08-01 14:30:04 833,248 ----a-w C:\WINDOWS1\system32\ZoneLabs\updating.dll
+ 2007-09-07 00:14:18 149,032 ----a-w C:\WINDOWS1\system32\ZoneLabs\updclient.exe
+ 2007-01-12 01:31:06 286,787 ----a-w C:\WINDOWS1\system32\ZoneLabs\updtrsdk.dll
+ 2007-09-07 00:14:04 108,008 ----a-w C:\WINDOWS1\system32\ZoneLabs\vsavpro.dll
+ 2007-09-07 00:14:04 79,336 ----a-w C:\WINDOWS1\system32\ZoneLabs\vsdb.dll
+ 2007-09-07 00:14:18 75,304 ----a-w C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
+ 2007-09-07 00:14:04 2,024,936 ----a-w C:\WINDOWS1\system32\ZoneLabs\vsmondll.dll
+ 2007-09-07 00:14:06 1,345,000 ----a-w C:\WINDOWS1\system32\ZoneLabs\vsruledb.dll
+ 2007-09-07 00:14:06 239,080 ----a-w C:\WINDOWS1\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 19:12:08 2,432,259 ----a-w C:\WINDOWS1\system32\ZoneLabs\zlasdbup.dat
+ 2007-09-07 00:14:08 177,640 ----a-w C:\WINDOWS1\system32\ZoneLabs\zlparser.dll
+ 2007-09-07 00:14:08 79,344 ----a-w C:\WINDOWS1\system32\ZoneLabs\zlquarantine.dll
+ 2007-09-07 00:14:08 382,440 ----a-w C:\WINDOWS1\system32\ZoneLabs\zlsre.dll
+ 2007-09-07 00:14:08 120,296 ----a-w C:\WINDOWS1\system32\ZoneLabs\zlupdate.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 19:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 19:46]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Cool - Auto Update.lnk - C:\Program Files\Cool\cool.exe [2007-11-15 10:31:55]
Picaboo.lnk - C:\Program Files\Picaboo\Picaboo\PicabooMain.exe [2007-06-22 14:49:16]
WampServer.lnk - C:\wamp\wampserver.exe [2004-06-27 20:57:36]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-04-11 17:59:10]
WinMySQLadmin.lnk - C:\mysql\bin\winmysqladmin.exe [2006-01-28 19:44:10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS1\System32\DRIVERS\alifir.sys
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS1\System32\DRIVERS\FA312nd5.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 15:39:34 C:\WINDOWS1\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-11-16 15:39:31 C:\WINDOWS1\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 22:18:09
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 22:20:00
C:\ComboFix2.txt ... 2007-11-15 22:03
.
--- E O F ---

#5 lusitano


Posted 19 November 2007 - 06:05 AM

Hello,

If I run virus scans from this second windows session will it affect the viruses in the original windows?

It might find some of the malware if the scans are set to scan the hard drives as well, but it will be much harder to track these malware pests down now and chances are we won't be able to find everything.


Can the viruses in the original windows steal personal information typed in the second installation?


Well, I can't tell you with 100% certainty, because we don't have more information, just the HijackThis log.

The HijackThis log shows us:

vvgeowbv.exe

Vundo

and this one (ldcore.dll) is dangerous, because it includes functionality to access the internet and communicate with a remote server via HTTP, and to download, install and run new software.

I think the best course of action would be a reformat and reinstall of the OS.

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

If you choose to format and reinstall see this link for instructions:
http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html

This last HijackThis log and CF log running from C:\WINDOWS1 are both clean. But you only have SP1.

Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.

Since October 10, 2006, Microsoft has ended all public assisted support for Windows XP Service Pack 1 (SP1), and also ended support for Windows 98 and Windows Me. So when your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.
Read this link, please:
Notice of end of support: http://www.microsoft.com/windows/support/endofsupport.mspx

To be entirely safe you should update your system to Service Pack 2.


In your next reply, please let me know if you decided to reformat your PC.
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#6 lusitano


Posted 23 November 2007 - 06:38 PM

EDIT

Edited by lusitano, 23 November 2007 - 06:39 PM.




