Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojanhorse Generic 10.het


  • Please log in to reply
3 replies to this topic

#1 mountain_man2

mountain_man2

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 02 May 2008 - 02:56 PM

This thing just showed up and even though my virus protection says it is healed it keeps coming back. Here are the DSS report I ran on my computer.Deckard's System Scanner v20071014.68
Run by james.boone on 2008-05-02 14:24:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-02 18:24:57 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-02 14:31:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\RegClean\RegClean.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\james.boone\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {B235B346-FA47-4F10-889D-0400F41046CF} - C:\WINDOWS\system32\d3dim70.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\Software\..\Telephony: DomainName = qcinc.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = qcinc.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = qcinc.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = qcinc.com
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\BAsfIpM.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 10489 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 tzkupvbd - c:\windows\system32\drivers\iushzjok.dat
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 bmwebcfg (Bytemobile Web Configurator) - "c:\windows\system32\bmwebcfg.exe" <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-02 10:20:48 532 --a------ C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job
2008-03-06 11:58:10 508 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2008-03-03 11:55:10 398 --a------ C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
2007-11-23 19:08:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-02 and 2008-05-02 -----------------------------

2008-05-02 10:36:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-02 10:36:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-02 10:36:26 0 d-------- C:\WINDOWS\LastGood
2008-04-05 11:36:20 0 d-------- C:\Program Files\World Poker Championship


-- Find3M Report ---------------------------------------------------------------

2008-05-02 10:21:02 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-05-02 08:27:30 0 d-------- C:\Program Files\AntiSpywareBot
2008-05-02 08:10:48 0 d-------- C:\Documents and Settings\james.boone\Application Data\AVG7
2008-04-30 07:32:21 0 d-------- C:\Documents and Settings\james.boone\Application Data\U3
2008-04-28 06:51:31 0 d-------- C:\Documents and Settings\james.boone\Application Data\AntispywareBot
2008-04-11 06:42:14 0 d-------- C:\Program Files\RegClean
2008-04-11 06:42:14 0 d-------- C:\Documents and Settings\james.boone\Application Data\RegClean
2008-03-18 13:34:42 0 d-------- C:\Program Files\IntegriSign Desktop
2008-03-08 21:00:29 256 --a------ C:\Documents and Settings\james.boone\Application Data\urlredir.cfg
2008-03-06 13:40:55 0 d-------- C:\Program Files\AdwareAlert
2008-03-04 23:13:41 0 d-------- C:\Program Files\Musicmatch
2008-03-04 23:11:53 0 d-------- C:\Program Files\Verizon Wireless
2008-03-04 22:40:57 0 d-------- C:\Documents and Settings\james.boone\Application Data\Smith Micro
2008-03-04 22:37:00 0 d-------- C:\Program Files\LG Drivers
2008-03-04 16:47:03 0 d-------- C:\Documents and Settings\james.boone\Application Data\AdwareAlert
2008-03-04 15:11:22 98048 --a------ C:\WINDOWS\system32\d3dim70.dll
2008-03-02 17:16:17 0 d-------- C:\Program Files\iPod


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B235B346-FA47-4F10-889D-0400F41046CF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 05:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [06/03/2005 03:52 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/11/2005 01:45 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 12:26 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 09:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 11:46 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/02/2008 08:14 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="E:\iTunesHelper.exe" []
"RegClean"="C:\Program Files\RegClean\RegClean.exe" [12/14/2007 10:39 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [10/30/2006 08:05 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [11/11/2004 09:50 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/10/2005 06:00 PM]
"AntiSpywareBot"="C:\Program Files\AntispywareBot\AntispywareBot.exe" [03/07/2008 02:51 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/7/2005 4:23:05 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 8:56:20 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12d1ae52-16a8-11dd-b80c-0012f0ab8a3c}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfc7e1d4-86da-11dc-b6f9-0012f0ab8a3c}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfc7e1d5-86da-11dc-b6f9-0012f0ab8a3c}]
AutoRun\command- G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db5a3eb5-c295-11dc-b76f-0012f0ab8a3c}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-05-02 14:32:05 ------------

BC AdBot (Login to Remove)

 


#2 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:35 AM

Posted 02 May 2008 - 03:23 PM

Hello! Welcome!

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :thumbsup:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#3 mountain_man2

mountain_man2
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 02 May 2008 - 07:29 PM

I did follow your instructions and there were many infections found and deleted, but not sure about the Trojan horse. Here is the report

Malwarebytes' Anti-Malware 1.11
Database version: 709

Scan type: Quick Scan
Objects scanned: 43417
Time elapsed: 21 minute(s), 54 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 27
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 15
Files Infected: 42

Memory Processes Infected:
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe (Rogue.AntiSpywareBot) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\AntiSpywareBot\SpyCleaner.dll (Rogue.AntiSpywareBot) -> Unloaded module successfully.
C:\Program Files\AntiSpywareBot\TCL.dll (Rogue.AntiSpywareBot) -> Unloaded module successfully.
C:\Program Files\AntiSpywareBot\zlib.dll (Rogue.AntiSpywareBot) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{509612ac-9a39-4b91-99bf-130414b9a333} (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{509612ac-9a39-4b91-99bf-130414b9a333} (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\2dda3201767c34b46a72671d26d39178 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2dda3201767c34b46a72671d26d39178 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1f2dc567693e7164ab0065318cc0f041 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4eb29a50684e23f4e9d65186fa814342 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8baf7ca6202db60478328f0ee1eef1ee (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8f92bca0d10d5ad42ac7b8a272b92649 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a7a85540b6b4ac64db79ab454d0c0f9c (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a7e6f91d09bbe2742b9c465f33f87790 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a94987f586a451142994114d5fdc1d00 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\d722d4cbe0a53d44c975cf912bb7deba (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6743c36c-cbfe-11db-9705-005056c00008} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6743c36c-cbfe-11db-9705-005056c00008} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5b4016981c40d5f4b9925ed64ad7b526 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70b07021d02a5e347a162b223ea41cd5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a30d1592adaa3d743884b8318328ad99 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a491438a809f60f458df33e67c80a5d2 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\bf91bd5c23255be4c8550acdf0f2ee89 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\cb6591e4426ef2b49aee7437e1144918 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\e326614894984a1468ca53b7dfcf99a5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\f0598db56de5201439f9c2683914b53f (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AntiSpywareBot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AntiSpywareBot\FilterDrv\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AdwareAlert\FilterDrv\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AdwareAlert\AddOns\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AddOns (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AntispywareBot\Quarantine (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Installer\{160DAF32-99CE-43AC-8BDD-5CF52DE857E8}\Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{DFE3BCA7-FA45-40A6-9A53-3D4C77F03901}\Icon.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\antispywarebot.sys (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.url (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Difxapi.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\vistaCPtasks.xml (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AddOns\PostQuarantine.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.cat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.inf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\AntiSpywareBot.url (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\DataBase.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\Difxapi.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\Launcher.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\license.rtf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\SpyCleaner.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\TCL.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\unins000.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\unins000.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\vistaCPtasks.xml (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\zlib.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntiSpywareBot.amd64.sys (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntiSpywareBot.cat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntiSpywareBot.inf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntiSpywareBot.x86.sys (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AdwareAlert\Log\2008 Mar 06 - 10_58_06 AM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntiSpywareBot on the Web.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntiSpywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\Uninstall AntiSpywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AntispywareBot\rs.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AntispywareBot\Log\2008 May 02 - 07_50_01 PM_171.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\AntispywareBot\Log\2008 May 02 - 10_20_41 AM_812.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dcads_sidebar.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DcadsSocial-uninstall.exe (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AntiSpywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\james.boone\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

#4 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:35 AM

Posted 03 May 2008 - 01:08 AM

Please re-run Deckard's system scanner and post the results.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users