
Malware In Win2000, Window Problems


9 replies to this topic

#1 ricky garg

Posted 23 March 2008 - 10:02 AM

I am running a Pentium-IIII with 756 DDR RAM and a 160 GB hard disk, with original Windows 2000 SP4. Up to now I was able to download all updates from the Microsoft Windows Update site, but now whenever I try to update Windows, even the auto update shows only 0% download. If you try to open/click Automatic Updates in Settings in Control Panel, nothing happens.

Internet Explorer hangs when we try to use it. I can only use Mozilla Firefox 2.0.0.12.

Third, I switch off sharing of all three partitions, but every time the computer boots, sharing is switched on by default for all partitions.

As directed, I am posting HijackThis logs. The scan report of the Computer Associates (CA) malware scan is also enclosed.

Here is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:45 PM, on 3/23/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\software\a-squared Free\a2service.exe
D:\software\grisoft\avg\avgamsvr.exe
D:\software\grisoft\avg\avgupsvc.exe
D:\software\grisoft\avg\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
D:\software\grisoft\avg\avgcc.exe
D:\software\eDonkey2000\eDonkey2000.exe
D:\software\Webshots\webshots.scr
D:\software\mozilla\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\system32\msiexec.exe
D:\software\super\SUPERAntiSpyware.exe
D:\software\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reliancebroadband.co.in/home?t=f9xmydh9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\software\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\software\java\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] D:\software\grisoft\avg\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\software\java\bin\jusched.exe"
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "d:\softwareWinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDonkey2000] D:\software\eDonkey2000\eDonkey2000.exe -t
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\software\grisoft\avg\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Webshots.lnk = D:\software\Webshots\Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\software\java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\software\java\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: RaptisoftGameLoader - http://www.gamehouse.com/realarcade-webgam...tgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1197025256515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - D:\software\super\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\software\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Windows Office Services - Unknown owner - C:\WINNT\system32\svshost.exe (file missing)

--
End of file - 6059 bytes


CA Anti-Spyware scan report


P2P "Grokster" found in:
key "hkey_classes_root \magnet"

KaZaA P2P
P2P "KaZaA" found in:
key "hkey_current_user \software\kazaa"

eMule P2P
P2P "eMule" found in:
key "hkey_current_user \software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\emule"
key "hkey_local_machine \software\classes\ed2k"

Limewire P2P
P2P "Limewire" found in:
key "hkey_current_user \software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire"
key "hkey_local_machine \software\limewire"
key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\limewire"
Folder "C:\Documents and Settings\Administrator\Start Menu\Programs\LimeWire"

Bifrost Backdoor
Backdoor "Bifrost" found in:
key "hkey_current_user \software\wget"

Netzip Spyware
Spyware "Netzip" found in:
key "hkey_classes_root \mime\database\content type\application/x-cnet-vsl" value "extension" data ".vsl"

netflame.cc Tracking Cookie
Tracking Cookie "netflame.cc" found in:
Cookie "administrator@ssl-hints.netflame[2].txt" File "C:\Documents and Settings\Administrator\Cookies\administrator@ssl-hints.netflame[2].txt"

PWS Password Cracker
Password Cracker "PWS" found in:
File "C:\WINNT\system32\bassmod.dll"


#2 Blender


Posted 08 April 2008 - 08:25 AM

Hi and welcome,

Sorry for the delay but we are really swamped with logs.

If you still need help, I'll need new logs.
Please follow instructions here for the logs we now require.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Thanks :thumbsup:

*Additional note:
One of the logs you posted indicates backdoor and/or password cracking tools.
I advise you, if you have done online banking or online shopping, to use a known secure computer to change your online passwords and notify your financial companies so they can monitor your accounts for unusual activity.
Please don't use this computer for the above-mentioned activities until it is cleaned up.

Here is some info to read:

How do I handle possible Identity theft, Internet Fraud & CC Fraud?:

http://www.dslreports.com/faq/10451

Blender
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert, can I have a bowl of the freshest worms you have please?

Never Give Up!


#3 ricky garg


Posted 08 April 2008 - 11:01 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:32 PM, on 4/8/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\software\a-squared Free\a2service.exe
D:\software\grisoft\avg\avgamsvr.exe
D:\software\grisoft\avg\avgupsvc.exe
D:\software\grisoft\avg\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
D:\software\grisoft\avg\avgcc.exe
D:\software\java\bin\jusched.exe
D:\software\eDonkey2000\eDonkey2000.exe
D:\software\Webshots\webshots.scr
D:\software\mozilla\firefox.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\WINNT\system32\divxsm.exe
D:\software\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reliancebroadband.co.in/home?t=f9xmydh9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\software\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\software\java\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] "D:\software\grisoft\avg\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\software\java\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\software\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\software\super\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\software\grisoft\avg\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Webshots.lnk = D:\software\Webshots\Launcher.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O16 - DPF: RaptisoftGameLoader - http://www.gamehouse.com/realarcade-webgam...tgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1197025256515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - D:\software\super\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\software\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Windows Office Services - Unknown owner - C:\WINNT\system32\svshost.exe (file missing)

--
End of file - 5478 bytes

#4 ricky garg


Posted 08 April 2008 - 11:08 AM

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-08 21:41:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:55 PM, on 4/8/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\software\a-squared Free\a2service.exe
D:\software\grisoft\avg\avgamsvr.exe
D:\software\grisoft\avg\avgupsvc.exe
D:\software\grisoft\avg\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
D:\software\grisoft\avg\avgcc.exe
D:\software\java\bin\jusched.exe
D:\software\eDonkey2000\eDonkey2000.exe
D:\software\Webshots\webshots.scr
D:\software\mozilla\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
D:\downloads\dss.exe
D:\software\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reliancebroadband.co.in/home?t=f9xmydh9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\software\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\software\java\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] "D:\software\grisoft\avg\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\software\java\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\software\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\software\super\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\software\grisoft\avg\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Webshots.lnk = D:\software\Webshots\Launcher.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O16 - DPF: RaptisoftGameLoader - http://www.gamehouse.com/realarcade-webgam...tgameloader.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1197025256515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - D:\software\super\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\software\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\software\grisoft\avg\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Windows Office Services - Unknown owner - C:\WINNT\system32\svshost.exe (file missing)

--
End of file - 5466 bytes

-- HijackThis Fixed Entries (D:\software\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080322-104513-188 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
backup-20080322-104513-214 O20 - Winlogon Notify: jkkigeb - jkkigeb.dll (file missing)
backup-20080322-104513-271 O2 - BHO: (no name) - {2F034BF0-18FE-43EC-AE33-7324D8061142} - (no file)
backup-20080322-104513-739 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
backup-20080322-104513-814 O23 - Service: Local Service - Unknown owner - C:\WINNT\wuauapl.exe (file missing)
backup-20080322-104513-820 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
backup-20080322-104513-906 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
backup-20080322-104513-987 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NTIDrvr (Upper Class Filter Driver) - c:\winnt\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 SASENUM - d:\software\super\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SMBios (Intel ® System Management BIOS Service) - c:\winnt\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>

S3 BOCDRIVE (BOClean Kernel Monitor.) - d:\software\boc\bocdrive.sys (file missing)
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 NAL (Nal Service ) - c:\winnt\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 SDTHOOK - c:\winnt\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Windows Office Services - "c:\winnt\system32\svshost.exe" (file missing)
S4 Local Service - "c:\winnt\wuauapl.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\SAM1034\4&4A12248&0&80861100&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\SAM1034\4&4A12248&0&80861100&00&02
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-01 16:48:28 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 21:27:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2f0.dat
2008-04-08 11:47:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2d0.dat
2008-04-07 22:06:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2dc.dat
2008-04-07 18:16:53 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_430.dat
2008-04-07 12:52:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_47c.dat
2008-04-06 17:26:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\FrostWire
2008-04-04 16:29:45 53248 --a------ C:\WINNT\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-04 16:25:20 68096 --a------ C:\WINNT\zip.exe
2008-04-04 16:25:20 49152 --a------ C:\WINNT\VFind.exe
2008-04-04 16:25:20 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-04 16:25:20 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-04 16:25:20 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-04 16:25:20 98816 --a------ C:\WINNT\sed.exe
2008-04-04 16:25:20 80412 --a------ C:\WINNT\grep.exe
2008-04-04 16:25:20 73728 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-04 11:08:58 0 d-------- C:\demo-full
2008-04-04 11:07:48 0 dr------- C:\DEMO
2008-04-03 18:24:27 0 d------c- C:\WINNT\system32\DRVSTORE
2008-04-03 18:24:17 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-03 13:00:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-03 12:40:16 0 d-------- C:\WINNT\Downloaded Installations
2008-04-02 17:03:05 5936 --a------ C:\Documents and Settings\Administrator\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-02 17:03:05 79328 --a------ C:\Documents and Settings\Administrator\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-04-02 17:03:05 92064 --a------ C:\Documents and Settings\Administrator\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-04-02 17:03:05 9232 --a------ C:\Documents and Settings\Administrator\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-04-02 17:03:05 4048 --a------ C:\Documents and Settings\Administrator\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-02 17:03:05 6208 --a------ C:\Documents and Settings\Administrator\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-02 17:03:05 66656 --a------ C:\Documents and Settings\Administrator\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-02 17:03:00 6947 --a------ C:\Documents and Settings\Administrator\1207135980-(null)
2008-04-01 15:44:36 0 d-------- C:\r1
2008-03-31 20:58:21 0 d-------- C:\Program Files\CCEditor
2008-03-27 13:07:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2e4.dat
2008-03-27 13:04:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_300.dat
2008-03-27 12:48:50 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5b0.dat
2008-03-23 17:50:57 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
2008-03-23 17:50:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-22 19:05:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jamdat
2008-03-21 16:47:01 208896 --a------ C:\WINNT\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-03-17 17:33:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Raptisoft
2008-03-16 22:46:15 0 d-------- C:\WINNT\ERUNT
2008-03-15 16:10:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Eyeblaster
2008-03-14 23:45:25 4096 --a------ C:\WINNT\d3dx.dat
2008-03-14 16:20:30 40 --a------ C:\WINNT\RSoftInfo.dat
2008-03-14 14:01:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2c0.dat
2008-03-12 10:31:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_308.dat
2008-03-11 16:59:41 0 d-------- C:\My Games
2008-03-11 14:22:45 0 d-------- C:\My Download Files
2008-03-11 10:47:18 25600 --a------ C:\Documents and Settings\Administrator\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-11 10:46:44 0 d-------- C:\Program Files\Motorola Phone Tools
2008-03-11 09:06:56 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>


-- Find3M Report ---------------------------------------------------------------

2008-04-08 10:45:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-07 22:47:49 1100092 ---h----- C:\WINNT\ShellIconCache
2008-04-06 21:48:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-03 18:24:17 0 d-a------ C:\Program Files\Common Files
2008-04-03 13:00:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-02 16:15:37 0 d-------- C:\Program Files\LiveUpdate
2008-04-01 18:42:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 19:43:13 20 --a------ C:\WINNT\´ûº
2008-03-21 12:51:34 0 d-------- C:\Program Files\InterVideo
2008-03-17 17:27:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-03-10 22:28:53 0 d-------- C:\Program Files\Real
2008-03-10 22:28:50 0 d-------- C:\Program Files\Common Files\Real
2008-03-05 20:43:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webshots
2008-03-01 20:22:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4d8.dat
2008-03-01 16:48:27 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2ec.dat
2008-03-01 16:48:26 0 d-------- C:\Program Files\Apple Software Update
2008-02-28 19:35:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-27 21:51:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-02-20 21:54:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-19 11:56:40 345604 --a------ C:\WINNT\system32\msinfhlp.exe <Not Verified; Microsoft; Microsoft msinfhlp>
2008-01-20 21:18:34 120 --a------ C:\drmHeader.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/20/03 12:35a C:\WINNT\system32\mobsync.exe]
"AVG7_CC"="D:\software\grisoft\avg\avgcc.exe" [12/21/07 07:19p]
"SunJavaUpdateSched"="D:\software\java\bin\jusched.exe" [02/22/08 04:25a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/08 10:16p]
"eDonkey2000"="D:\software\eDonkey2000\eDonkey2000.exe" [07/27/05 08:44p]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/05 11:46p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="D:\software\super\SUPERAntiSpyware.exe" [02/29/08 04:03p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - D:\software\Webshots\Launcher.exe [3/5/2008 8:43:13 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\software\super\SASSEH.DLL [12/20/06 12:55p 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\software\super\SASWINLO.dll 04/19/07 12:41p 294912 D:\software\super\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-04-08 21:43:54 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 509.8 MiB / 213.29 MiB
Pagefile Memory (total/avail): 1400.61 MiB / 1037.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1951.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 16.27 GiB free.
D: is Fixed (NTFS) - 39.06 GiB total, 33.87 GiB free.
E: is Fixed (NTFS) - 49.87 GiB total, 11.11 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600AABB-00PUA0 - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 88.93 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;D:\software\java\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SUPERCOMPUTER
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\SUPERCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=D:\software\mozilla;C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;D:\software\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=D:\software\java\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=SUPERCOMPUTER
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> D:\software\DivX\DivXConverterUninstall.exe /CONVERTER
a-squared Free 3.0 --> "D:\software\a-squared Free\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINNT\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> D:\software\grisoft\avg\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> D:\software\grisoft\AVG Anti-Rootkit Free\Uninstall.exe
CCEditor 1.0 --> "C:\Program Files\CCEditor\unins000.exe"
DivX Codec --> D:\software\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> D:\software\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> D:\software\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\software\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\software\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA SPORTS Cricket 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C19CD845-640B-4B87-8F25-A27CAB7122BF}\setup.exe" -l0x9
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
eDonkey2000 --> "D:\software\eDonkey2000\uninstall_eDonkey2000.exe"
FrostWire 4.13.5 --> D:\software\FrostWire\Uninstall.exe
HijackThis 2.0.2 --> "D:\software\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone 3.5 --> D:\hp\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "D:\hp\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Keat --> C:\WINNT\system32\msinfhlp.exe ;uninstall; ;d:\Keat\Keat.dat;
KeatSetUP --> C:\WINNT\system32\msinfhlp.exe ;uninstall; ;D:\Keat\KeatSetUP.dat;
LimeWire PRO 4.14.12 --> "D:\software\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "d:\software\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB925168) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M925168\M925168Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINNT\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Windows User State Migration Tool version 2.61 --> MsiExec.exe /I{2310B571-AB51-4807-9F75-B20BF576FFDC}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.13) --> D:\software\mozilla\uninstall\helper.exe
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Media Player --> C:\WINNT\UNNMP.exe /UNINSTALL
Nero OEM --> D:\software\ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINNT\UNNeroVision.exe /UNINSTALL
NTI CD-Maker 6 Standard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 7.0 --> "d:\software\Registry Mechanic\unins000.exe"
Security Update for Windows 2000 (KB904706) -->
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Spybot - Search & Destroy 1.4 --> "D:\software\Spybot - Search & Destroy\unins000.exe"
Webshots Desktop --> "D:\software\Webshots\unins000.exe"
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
Windows Messenger 5.1 --> MsiExec.exe /I{9D1C26BD-E792-4159-9D16-07EA222D8EF0}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinRAR archiver --> D:\SOFTWARE\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type44 / Error
Event Submitted/Written: 04/08/2008 09:23:43 PM
Event ID/Source: 0 /
Event Description:
7

Event Record #/Type43 / Error
Event Submitted/Written: 04/08/2008 09:23:43 PM
Event ID/Source: 0 /
Event Description:
6

Event Record #/Type42 / Error
Event Submitted/Written: 04/08/2008 06:06:20 PM
Event ID/Source: 0 /
Event Description:
7

Event Record #/Type41 / Error
Event Submitted/Written: 04/08/2008 06:06:20 PM
Event ID/Source: 0 /
Event Description:
6

Event Record #/Type40 / Warning
Event Submitted/Written: 04/08/2008 04:31:36 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4095 / Error
Event Submitted/Written: 04/08/2008 07:54:06 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer WIN06V3
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{592CD138-2319-4E78-8.
The master browser is stopping or an election is being forced.

Event Record #/Type4094 / Error
Event Submitted/Written: 04/08/2008 06:44:03 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer ABC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{592CD138-2319-4E78-8DBC.
The master browser is stopping or an election is being forced.

Event Record #/Type4092 / Error
Event Submitted/Written: 04/08/2008 05:39:37 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer GURU
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{592CD138-2319-4E78-8DBC.
The master browser is stopping or an election is being forced.

Event Record #/Type4091 / Error
Event Submitted/Written: 04/08/2008 04:32:05 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer ABC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{592CD138-2319-4E78-8DBC.
The master browser is stopping or an election is being forced.

Event Record #/Type4090 / Warning
Event Submitted/Written: 04/08/2008 04:31:30 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E982926D. The following
error occured:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-08 21:43:54 ------------

#5 Blender


Posted 08 April 2008 - 04:30 PM

Hi,

Thanks for the logs.

Program I am not familiar with ...
Keat. Is that a trade watching program?
This?

http://www.kotaksecurities.com/supertrader/keat/keat.html

If it is -- that's OK. I just need to know if that is in fact the program.

----------------------------

Download this file and save it to your c:\winnt\system32 folder:

http://www.xs4all.nl/~fstaal01/downloads/swsc.exe

It is a program to help manage services.

Once saved ...
Click start> run> type cmd and hit enter.
A "dos" box pops up.
type the following commands exactly as you see em and hit enter after each one.

swsc delete "Windows Office Services"
swsc delete "Local Service"
exit


Should get success message for first 2
The "exit" command simply closes the CMD window.

That removed a couple leftover trojan services.

Reboot.

-----------------------

Anything in this folder?

C:\r1 <-- If so .. what? Familiar contents?

How about this one?

C:\WINNT\´ûº <-- Not sure if I have the characters right. (I only copied what I see in my browser)


Go to http://www.virustotal.com/en/indexf.html
Copy the following line into the white textbox:
C:\Documents and Settings\Administrator\1207135980-(null)
Click Send.
Please post the results of this scan to this thread.
Please include the file MD5 information if available.

--------------------------

Post new Hijackthis log and let me know how system is running please.

----------------------------

Using Internet Explorer please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

Click "I accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as .txt file.
    http://i266.photobucket.com/albums/ii277/s...Kas-Savetxt.gif
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

*Note2
If you have trouble to get IE to work please try the following:

Open Internet Options in control panel.
Click "security" tab.
"Internet" should be highlighted.
Click "Default level"
Click "Apply"
Click "OK"

If IE was running you will need to restart it for new settings to take effect.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
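The Keat entries asked about above appear in the posted log as uninstall commands that run C:\WINNT\system32\msinfhlp.exe, a file the scanner tagged "Not Verified". The following is an added example, not part of the original thread or of any tool named in it: a Python sketch that cross-references those two log sections. The sample log is constructed from lines in this thread, the function names are hypothetical, and treating the fields after "Not Verified" as self-declared strings is an assumption.

```python
import re

# Constructed sample: a few lines in the shape of the Deckard's System Scanner
# log posted in this thread (file listing plus the Add/Remove Programs section).
SAMPLE_LOG = r"""
2008-02-20 21:54:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-19 11:56:40 345604 --a------ C:\WINNT\system32\msinfhlp.exe <Not Verified; Microsoft; Microsoft msinfhlp>
2008-01-20 21:18:34 120 --a------ C:\drmHeader.bin

-- Add/Remove Programs ---------------------------------------------------------

AVG 7.5 --> D:\software\grisoft\avg\setup.exe /UNINSTALL
Keat --> C:\WINNT\system32\msinfhlp.exe ;uninstall; ;d:\Keat\Keat.dat;
KeatSetUP --> C:\WINNT\system32\msinfhlp.exe ;uninstall; ;D:\Keat\KeatSetUP.dat;
WinRAR archiver --> D:\SOFTWARE\WinRAR\uninstall.exe
"""

# "-- Section name -------" headers used throughout the log.
SECTION_RE = re.compile(r"^-- (?P<name>.+?) -+$")
# "<date> <time> <size> <9-char attributes> <path> [<note>]" file-listing lines.
FILE_RE = re.compile(
    r"^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S{9})\s+(?P<path>[A-Za-z]:\\.*?)(?:\s+<(?P<note>[^<>]*)>)?$"
)
# "Display name --> uninstall command" lines; the name can be empty.
UNINSTALL_RE = re.compile(r"^(?P<name>.*?)\s*-->\s*(?P<cmd>.*)$")


def parse_log(text):
    """Return (files, programs) parsed from a log in the format shown above."""
    files, programs, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FILE_RE.match(line)
        if m:
            note = [p.strip() for p in (m.group("note") or "").split(";") if p.strip()]
            files.append({"when": m.group("when"), "size": int(m.group("size")),
                          "attrs": m.group("attrs"), "path": m.group("path"),
                          "note": note})
            continue
        # Only trust "-->" lines inside the Add/Remove Programs section.
        if section == "Add/Remove Programs":
            m = UNINSTALL_RE.match(line)
            if m:
                programs.append((m.group("name") or "(unnamed)", m.group("cmd")))
    return files, programs


def unverified_with_owners(text):
    """List files tagged 'Not Verified' and the programs whose uninstall
    command references them (case-insensitive full-path match; 8.3 short
    names such as PROGRA~1 are not expanded)."""
    files, programs = parse_log(text)
    findings = []
    for f in files:
        if not f["note"] or f["note"][0].lower() != "not verified":
            continue
        needle = f["path"].lower()
        owners = [name for name, cmd in programs if needle in cmd.lower()]
        findings.append({"path": f["path"], "size": f["size"],
                         # Assumption: remaining fields are strings the file
                         # declares about itself, not a validated signer.
                         "claims": f["note"][1:],
                         "referenced_by": owners})
    return findings


if __name__ == "__main__":
    for item in unverified_with_owners(SAMPLE_LOG):
        print(item["path"], item["claims"], "<-", item["referenced_by"])
```

An unverified file with no referencing program is the case that deserves a closer look; here the file maps back to the two Keat entries, which is the question the helper put to the user.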

#6 ricky garg


Posted 08 April 2008 - 11:16 PM

keat is stock trading software

downloaded swsc.exe and cleaned as directed.


r1 is folder containing videos.

The query regarding c:\winnt \Q: I don't know anything about it. I think you will know about it.


kaspersky scan is being informed.


virus total scan result
File 1207135980-_null_ received on 04.09.2008 05:29:09 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.4.9.0 2008.04.08 -
AntiVir 7.6.0.81 2008.04.08 -
Authentium 4.93.8 2008.04.09 -
Avast 4.8.1169.0 2008.04.08 -
AVG 7.5.0.516 2008.04.08 -
BitDefender 7.2 2008.04.09 -
CAT-QuickHeal 9.50 2008.04.08 -
ClamAV None 2008.04.09 -
DrWeb 4.44.0.09170 2008.04.08 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5683 2008.04.08 -
Ewido 4.0 2008.04.08 -
F-Prot 4.4.2.54 2008.04.08 -
F-Secure 6.70.13260.0 2008.04.09 -
FileAdvisor 1 2008.04.09 -
Fortinet 3.14.0.0 2008.04.09 -
Ikarus T3.1.1.26 2008.04.08 -
Kaspersky 7.0.0.125 2008.04.09 -
McAfee 5269 2008.04.08 -
Microsoft 1.3408 2008.04.06 -
NOD32v2 3011 2008.04.08 -
Norman 5.80.02 2008.04.08 -
Panda 9.0.0.4 2008.04.08 -
Prevx1 V2 2008.04.09 -
Rising 20.39.12.00 2008.04.08 -
Sophos 4.28.0 2008.04.09 -
Sunbelt 3.0.1032.0 2008.04.08 -
Symantec 10 2008.04.09 -
TheHacker 6.2.92.269 2008.04.09 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.08 -
Webwasher-Gateway 6.6.2 2008.04.08 -
Additional information
File size: 6947 bytes
MD5...: cf59692b06c2dea959ada5db191d3ef9
SHA1..: ceed825ed6cde02180aab677256f6d431d1eb460
SHA256: 6aa8ca63d9b8293be61d77592cc0c3cdedba47f6f785951a43c8650b4bc2ddf4
SHA512: 76edf5190d665ca990dc5a782ba63b9403c0b8ae1f43b57e62a7d513ce692023
284969ad202dcd65ffd8858a4340f16bb90791bb2a0f1d28461c3ec08bd07377
PEiD..: -
PEInfo: -

#7 ricky garg


Posted 09 April 2008 - 12:38 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 09, 2008 11:13:29 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/04/2008
Kaspersky Anti-Virus database records: 691309
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 37365
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:02:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zp230svi.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\WINNT\AdvPack.log Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{2B4D9C75-3ADE-46AE-B825-C6FD75AE5452}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.

#8 Blender


Posted 10 April 2008 - 01:10 AM

Hi,

That log looks OK.
How is the system running now?

Can I see a new Hijackthis log please?

Can you reach the Windows Update site now?

Thanks :thumbsup:

#9 ricky garg


Posted 10 April 2008 - 02:19 AM

One problem remains. Whenever we reboot the system, disk sharing for all partitions gets switched on. Please advise.

#10 Blender


Posted 10 April 2008 - 10:56 PM

Hi,

How are you trying to disable sharing?
And do you need to share a printer on the network?